Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
primekey ejbca vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-34831
An issue exists in Keyfactor PrimeKey EJBCA prior to 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization. During the ACME enrollment process, an order is submitted containing an identifie...
Primekey Ejbca
9.8
CVSSv3
CVE-2020-11630
An issue exists in EJBCA prior to 6.15.2.6 and 7.x prior to 7.3.1.2. In several sections of code, the verification of serialized objects sent between nodes (connected via the Peers protocol) allows insecure objects to be deserialized.
Primekey Ejbca
8.8
CVSSv3
CVE-2020-11627
An issue exists in EJBCA prior to 6.15.2.6 and 7.x prior to 7.3.1.2. A Cross Site Request Forgery (CSRF) issue has been found in the CA UI.
Primekey Ejbca
7.3
CVSSv3
CVE-2020-25276
An issue exists in PrimeKey EJBCA 6.x and 7.x prior to 7.4.1. When using a client certificate to enroll over the EST protocol, no revocation check is performed on that certificate. This vulnerability can only affect a system that has EST configured, uses client certificates to au...
Primekey Ejbca
7.2
CVSSv3
CVE-2020-11629
An issue exists in EJBCA prior to 6.15.2.6 and 7.x prior to 7.3.1.2. The External Command Certificate Validator, which allows administrators to upload external linters to validate certificates, is supposed to save uploaded test certificates to the server. An attacker who has gain...
Primekey Ejbca
6.5
CVSSv3
CVE-2020-11631
An issue exists in EJBCA prior to 6.15.2.6 and 7.x prior to 7.3.1.2. An error state can be generated in the CA UI by a malicious user. This, in turn, allows exploitation of other bugs. This follow-on exploitation can lead to privilege escalation and remote code execution. (This i...
Primekey Ejbca
6.1
CVSSv3
CVE-2020-11626
An issue exists in EJBCA prior to 6.15.2.6 and 7.x prior to 7.3.1.2. Two Cross Side Scripting (XSS) vulnerabilities have been found in the Public Web and the Certificate/CRL download servlets.
Primekey Ejbca
5.4
CVSSv3
CVE-2022-39834
A stored XSS vulnerability exists in adminweb/ra/viewendentity.jsp in PrimeKey EJBCA up to and including 7.9.0.2. A low-privilege user can store JavaScript in order to exploit a higher-privilege user.
Keyfactor Primekey Ejbca
5.4
CVSSv3
CVE-2021-40088
An issue exists in PrimeKey EJBCA prior to 7.6.0. CMP RA Mode can be configured to use a known client certificate to authenticate enrolling clients. The same RA client certificate is used for revocation requests as well. While enrollment enforces multi tenancy constraints (by ver...
Primekey Ejbca
5.3
CVSSv3
CVE-2020-11628
An issue exists in EJBCA prior to 6.15.2.6 and 7.x prior to 7.3.1.2. It is intended to support restriction of available remote protocols (CMP, ACME, REST, etc.) through the system configuration. These restrictions can be bypassed by modifying the URI string from a client. (EJBCA&...
Primekey Ejbca
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »