CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
91.7%
Software: pki-core 10.5.18
OS: rosa-server79
package_evr_string: pki-core-10.5.18-16
CVE-ID: CVE-2022-2414
BDU-ID: 2022-05089
CVE-Crit: HIGH
CVE-DESC: A vulnerability in the pki-core package of the Red Hat Enterprise Linux operating system is related to incorrectly restricting XML references to external objects. Exploitation of the vulnerability could allow an attacker acting remotely to conduct XXE attacks
CVE-STATUS: Resolved
CVE-REV: Run yum update command to close it