CVE-2022-2414

Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
dogtagpkidogtagpki
10.5.18
dogtagpkidogtagpki
10.7.4
dogtagpkidogtagpki
10.8.3
dogtagpkidogtagpki
10.11.2
dogtagpkidogtagpki
10.12.4
dogtagpkidogtagpki
11.0.5
dogtagpkidogtagpki
11.1.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dogtag-pki
bullseye
no-dsa
sid
11.2.1-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dogtag-pki
bionic
needed
focal
needed
impish
ignored
jammy
needed
kinetic
ignored
lunar
ignored
mantic
not-affected
noble
dne
trusty
dne
xenial
needed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
pki-acme
RHEL 9
0:11.0.6-2.el9_0
fixed
pki-base
RHEL 7
0:10.5.18-24.el7_9
fixed
RHEL 9
0:11.0.6-2.el9_0
fixed
pki-base-java
RHEL 7
0:10.5.18-24.el7_9
fixed
RHEL 9
0:11.0.6-2.el9_0
fixed
pki-ca
RHEL 7
0:10.5.18-24.el7_9
fixed
RHEL 9
0:11.0.6-2.el9_0
fixed
pki-javadoc
RHEL 7
0:10.5.18-24.el7_9
fixed
pki-kra
RHEL 7
0:10.5.18-24.el7_9
fixed
RHEL 9
0:11.0.6-2.el9_0
fixed
pki-server
RHEL 7
0:10.5.18-24.el7_9
fixed
RHEL 9
0:11.0.6-2.el9_0
fixed
pki-symkey
RHEL 7
0:10.5.18-24.el7_9
fixed
RHEL 9
0:11.0.6-2.el9_0
fixed
pki-tools
RHEL 7
0:10.5.18-24.el7_9
fixed
RHEL 9
0:11.0.6-2.el9_0
fixed
python3-pki
RHEL 9
0:11.0.6-2.el9_0
fixed
Common Weakness Enumeration
References
https://github.com/dogtagpki/pki/pull/4021
https://github.com/dogtagpki/pki/pull/4021