Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
primekey ejbca vulnerabilities and exploits
(subscribe to this query)
2.7
CVSSv3
CVE-2021-40087
An issue exists in PrimeKey EJBCA prior to 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log (that can only be viewed by an administrator). Th...
Primekey Ejbca
5.4
CVSSv3
CVE-2021-40088
An issue exists in PrimeKey EJBCA prior to 7.6.0. CMP RA Mode can be configured to use a known client certificate to authenticate enrolling clients. The same RA client certificate is used for revocation requests as well. While enrollment enforces multi tenancy constraints (by ver...
Primekey Ejbca
2.3
CVSSv3
CVE-2021-40089
An issue exists in PrimeKey EJBCA prior to 7.6.0. The General Purpose Custom Publisher, which is normally run to invoke a local script upon a publishing operation, was still able to run if the System Configuration setting Enable External Script Access was disabled. With this sett...
Primekey Ejbca
4.8
CVSSv3
CVE-2022-40711
PrimeKey EJBCA 7.9.0.2 Community allows stored XSS in the End Entity section. A user with the RA Administrator role can inject an XSS payload to target higher-privilege users.
Primekey Ejbca 7.9.0.2
5.4
CVSSv3
CVE-2022-39834
A stored XSS vulnerability exists in adminweb/ra/viewendentity.jsp in PrimeKey EJBCA up to and including 7.9.0.2. A low-privilege user can store JavaScript in order to exploit a higher-privilege user.
Keyfactor Primekey Ejbca
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2