Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
primekey ejbca vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2020-11628
An issue exists in EJBCA prior to 6.15.2.6 and 7.x prior to 7.3.1.2. It is intended to support restriction of available remote protocols (CMP, ACME, REST, etc.) through the system configuration. These restrictions can be bypassed by modifying the URI string from a client. (EJBCA&...
Primekey Ejbca
4
CVSSv2
CVE-2020-11631
An issue exists in EJBCA prior to 6.15.2.6 and 7.x prior to 7.3.1.2. An error state can be generated in the CA UI by a malicious user. This, in turn, allows exploitation of other bugs. This follow-on exploitation can lead to privilege escalation and remote code execution. (This i...
Primekey Ejbca
6.5
CVSSv2
CVE-2020-11629
An issue exists in EJBCA prior to 6.15.2.6 and 7.x prior to 7.3.1.2. The External Command Certificate Validator, which allows administrators to upload external linters to validate certificates, is supposed to save uploaded test certificates to the server. An attacker who has gain...
Primekey Ejbca
NA
CVE-2022-34831
An issue exists in Keyfactor PrimeKey EJBCA prior to 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization. During the ACME enrollment process, an order is submitted containing an identifie...
Primekey Ejbca
3.5
CVSSv2
CVE-2021-40086
An issue exists in PrimeKey EJBCA prior to 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a page (that can only be viewed by an administrator). While hidden from direct view, checking the page sou...
Primekey Ejbca
4
CVSSv2
CVE-2021-40087
An issue exists in PrimeKey EJBCA prior to 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log (that can only be viewed by an administrator). Th...
Primekey Ejbca
4.9
CVSSv2
CVE-2021-40088
An issue exists in PrimeKey EJBCA prior to 7.6.0. CMP RA Mode can be configured to use a known client certificate to authenticate enrolling clients. The same RA client certificate is used for revocation requests as well. While enrollment enforces multi tenancy constraints (by ver...
Primekey Ejbca
1.9
CVSSv2
CVE-2021-40089
An issue exists in PrimeKey EJBCA prior to 7.6.0. The General Purpose Custom Publisher, which is normally run to invoke a local script upon a publishing operation, was still able to run if the System Configuration setting Enable External Script Access was disabled. With this sett...
Primekey Ejbca
4
CVSSv2
CVE-2020-28942
An issue exists in PrimeKey EJBCA prior to 7.4.3 when enrolling with EST while proxied through an RA over the Peers protocol. As a part of EJBCA's domain security model, the peer connector allows the restriction of client certificates (for the RA, not the end user) to a limi...
Primekey Ejbca
4.3
CVSSv2
CVE-2020-11626
An issue exists in EJBCA prior to 6.15.2.6 and 7.x prior to 7.3.1.2. Two Cross Side Scripting (XSS) vulnerabilities have been found in the Public Web and the Certificate/CRL download servlets.
Primekey Ejbca
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »