Lucene search
RedHatRHSA-2021:0948HistoryMar 22, 2021 - 8:48 a.m.
(RHSA-2021:0948) Moderate: Red Hat Certificate System security and bug fix update
2021-03-2208:48:53
access.redhat.com
59
0.001 Low
EPSS
Percentile
35.9%
The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.
Security Fix(es):
-
pki-core: stored Cross-site scripting (XSS) in the pki-tps web Activity tab (CVE-2019-10178)
-
pki-core: unsanitized token parameters in TPS resulting in stored XSS (CVE-2019-10180)
-
pki-core: Stored XSS in TPS profile creation (CVE-2020-1696)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
Update Batch Update Information to Version 20 [RHCS 9.4.z] (BZ#1931149)
-
Not able to launch pkiconsole – RHEL 7.6.z backport request [RHCS 9.4.z] (BZ#1931718)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 7 | x86_64 | pki-tps | < 10.5.9-15.el7pki | pki-tps-10.5.9-15.el7pki.x86_64.rpm |
| RedHat | 7 | noarch | pki-ocsp | < 10.5.9-15.el7pki | pki-ocsp-10.5.9-15.el7pki.noarch.rpm |
| RedHat | 7 | noarch | pki-tks | < 10.5.9-15.el7pki | pki-tks-10.5.9-15.el7pki.noarch.rpm |
| RedHat | 7 | x86_64 | pki-core-debuginfo | < 10.5.9-15.el7pki | pki-core-debuginfo-10.5.9-15.el7pki.x86_64.rpm |
| RedHat | 7 | noarch | redhat-pki-server-theme | < 10.5.9-5.el7pki | redhat-pki-server-theme-10.5.9-5.el7pki.noarch.rpm |
| RedHat | 7 | noarch | pki-console | < 10.5.9-2.el7pki | pki-console-10.5.9-2.el7pki.noarch.rpm |
| RedHat | 7 | noarch | idm-console-framework | < 1.1.17-4.el7dsrv | idm-console-framework-1.1.17-4.el7dsrv.noarch.rpm |
| RedHat | 7 | noarch | redhat-pki-console-theme | < 10.5.9-5.el7pki | redhat-pki-console-theme-10.5.9-5.el7pki.noarch.rpm |
Related
redhat
redhat
nessus
nessus
RHEL 7 : pki-core and redhat-pki-theme (RHSA-2021:0947)
2024-04-27 00:00:00
debiancve
debiancve
osv
osv
CVE-2019-10180
2020-03-31 17:15:25
CVE-2020-1696
2020-03-20 15:15:13
nvd
nvd
cve
cve
veracode
veracode
Cross Site Scripting (XSS)
2021-03-23 10:25:53
Cross-site Scripting (XSS)
2021-03-23 10:25:52
Cross-Site Scripting (XSS)
2021-03-23 10:25:54
prion
prion
Cross site scripting
2020-03-31 17:15:00
Cross site scripting
2020-03-18 16:15:00
Cross site scripting
2020-03-20 15:15:00
ubuntucve
ubuntucve
redhatcve
redhatcve
cvelist
cvelist
oraclelinux
oraclelinux
pki-core security and bug fix update
2021-03-17 00:00:00