Lucene search

[email protected]NVD:CVE-2021-40089

HistoryAug 25, 2021 - 2:15 a.m.

CVE-2021-40089

2021-08-2502:15:08

[email protected]

web.nvd.nist.gov

primekey ejbca

issue

custom publisher

external script access

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:P/A:N

CVSS3

2.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

EPSS

Percentile

12.6%

JSON

An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Purpose Custom Publisher, which is normally run to invoke a local script upon a publishing operation, was still able to run if the System Configuration setting Enable External Script Access was disabled. With this setting disabled it’s not possible to create new such publishers, but existing publishers would continue to run.

Affected configurations

Nvd

Node

primekeyejbcaRange<7.6.0enterprise

VendorProductVersionCPE
primekeyejbca*cpe:2.3:a:primekey:ejbca:*:*:*:*:enterprise:*:*:*

Vendor	Product	Version	CPE
primekey	ejbca	*	cpe:2.3:a:primekey:ejbca:::::enterprise:::*

References

support.primekey.com/news/posts/54

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:P/A:N

CVSS3

2.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2021-40089

osv1 prion1 cvelist1 cve1