Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
primekey ejbca vulnerabilities and exploits
(subscribe to this query)
7.3
CVSSv3
CVE-2020-25276
An issue exists in PrimeKey EJBCA 6.x and 7.x prior to 7.4.1. When using a client certificate to enroll over the EST protocol, no revocation check is performed on that certificate. This vulnerability can only affect a system that has EST configured, uses client certificates to au...
Primekey Ejbca
9.8
CVSSv3
CVE-2022-34831
An issue exists in Keyfactor PrimeKey EJBCA prior to 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization. During the ACME enrollment process, an order is submitted containing an identifie...
Primekey Ejbca
4.3
CVSSv3
CVE-2020-28942
An issue exists in PrimeKey EJBCA prior to 7.4.3 when enrolling with EST while proxied through an RA over the Peers protocol. As a part of EJBCA's domain security model, the peer connector allows the restriction of client certificates (for the RA, not the end user) to a limi...
Primekey Ejbca
4.8
CVSSv3
CVE-2022-40711
PrimeKey EJBCA 7.9.0.2 Community allows stored XSS in the End Entity section. A user with the RA Administrator role can inject an XSS payload to target higher-privilege users.
Primekey Ejbca 7.9.0.2
5.4
CVSSv3
CVE-2022-39834
A stored XSS vulnerability exists in adminweb/ra/viewendentity.jsp in PrimeKey EJBCA up to and including 7.9.0.2. A low-privilege user can store JavaScript in order to exploit a higher-privilege user.
Keyfactor Primekey Ejbca
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2