CVE-2019-10221 — MEDIUM (4.3)

Q: How severe is CVE-2019-10221?

CVE-2019-10221 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-10221?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Linux, Dogtagpki Dogtagpki.

Vulnerability Description

A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Redhat	Enterprise Linux	7.0
Dogtagpki	Dogtagpki	>= 10.0, <= 10.8.3

Related Weaknesses (CWE)

CWE-79

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10221Issue TrackingThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10221Issue TrackingThird Party Advisory

FAQ

What is CVE-2019-10221?

CVE-2019-10221 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL p...

How severe is CVE-2019-10221?

CVE-2019-10221 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-10221?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Linux, Dogtagpki Dogtagpki.