An update for pki-core is now available for HCE 1.1

HCE1-SA-2023-0087 An update for pki-core is now available for HCE 1.1 Important HCE 1.1 Security Fix(es): A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content. (CVE-2022-2393) Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests. (CVE-2022-2414) HCE 1.1 pki-base-10.5.18-25.hce1c.noarch.rpm pki-base-java-10.5.18-25.hce1c.noarch.rpm pki-ca-10.5.18-25.hce1c.noarch.rpm pki-kra-10.5.18-25.hce1c.noarch.rpm pki-server-10.5.18-25.hce1c.noarch.rpm pki-symkey-10.5.18-25.hce1c.x86_64.rpm pki-tools-10.5.18-25.hce1c.x86_64.rpm