vulnerability
Oracle Linux: CVE-2019-10179: ELSA-2020-4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Feb 3, 2020 | Mar 18, 2021 | Dec 3, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Feb 3, 2020
Added
Mar 18, 2021
Modified
Dec 3, 2025
Description
A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.
It was found that the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.
It was found that the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.
Solutions
oracle-linux-upgrade-apache-commons-collectionsoracle-linux-upgrade-apache-commons-langoracle-linux-upgrade-apache-commons-netoracle-linux-upgrade-bea-stax-apioracle-linux-upgrade-glassfish-fastinfosetoracle-linux-upgrade-glassfish-jaxb-apioracle-linux-upgrade-glassfish-jaxb-coreoracle-linux-upgrade-glassfish-jaxb-runtimeoracle-linux-upgrade-glassfish-jaxb-txw2oracle-linux-upgrade-jackson-annotationsoracle-linux-upgrade-jackson-coreoracle-linux-upgrade-jackson-databindoracle-linux-upgrade-jackson-jaxrs-json-provideroracle-linux-upgrade-jackson-jaxrs-providersoracle-linux-upgrade-jackson-module-jaxb-annotationsoracle-linux-upgrade-jakarta-commons-httpclientoracle-linux-upgrade-javassistoracle-linux-upgrade-javassist-javadocoracle-linux-upgrade-jssoracle-linux-upgrade-jss-javadocoracle-linux-upgrade-ldapjdkoracle-linux-upgrade-ldapjdk-javadocoracle-linux-upgrade-pki-baseoracle-linux-upgrade-pki-base-javaoracle-linux-upgrade-pki-caoracle-linux-upgrade-pki-javadocoracle-linux-upgrade-pki-kraoracle-linux-upgrade-pki-serveroracle-linux-upgrade-pki-servlet-4-0-apioracle-linux-upgrade-pki-servlet-engineoracle-linux-upgrade-pki-symkeyoracle-linux-upgrade-pki-toolsoracle-linux-upgrade-python3-nssoracle-linux-upgrade-python3-pkioracle-linux-upgrade-python-nss-docoracle-linux-upgrade-relaxngdatatypeoracle-linux-upgrade-resteasyoracle-linux-upgrade-slf4joracle-linux-upgrade-slf4j-jdk14oracle-linux-upgrade-stax-exoracle-linux-upgrade-tomcatjssoracle-linux-upgrade-velocityoracle-linux-upgrade-xalan-j2oracle-linux-upgrade-xerces-j2oracle-linux-upgrade-xml-commons-apisoracle-linux-upgrade-xml-commons-resolveroracle-linux-upgrade-xmlstreambufferoracle-linux-upgrade-xsom
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.