Lucene search

MitreCVE-2021-40087

HistoryAug 25, 2021 - 2:15 a.m.

CVE-2021-40087

2021-08-2502:15:08

CWE-312

mitre

web.nvd.nist.gov

cve-2021-40087

primekey

ejbca

audit logging

cleartext

secret modifications

protocols

scep

cmp

est

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

2.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log (that can only be viewed by an administrator). This affects use of any of the following protocols: SCEP, CMP, or EST.

Affected configurations

Nvd

Node

primekeyejbcaRange<7.6.0enterprise

VendorProductVersionCPE
primekeyejbca*cpe:2.3:a:primekey:ejbca:*:*:*:*:enterprise:*:*:*

Vendor	Product	Version	CPE
primekey	ejbca	*	cpe:2.3:a:primekey:ejbca:::::enterprise:::*

References

support.primekey.com/news/posts/53

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

2.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Related for CVE-2021-40087