24 matches found
Keyfactor SignServer 安全漏洞
Keyfactor SignServer is a digital signature engine from Keyfactor USA. A security vulnerability exists in Keyfactor SignServer versions prior to 7.2, which stems from an error in the container startup logic and could result in a reset configuration to allowany...
PT-2025-52670
Name of the Vulnerable Software and Affected Versions Keyfactor SignServer versions prior to 7.2 Description A flaw exists in the startup logic of the Keyfactor SignServer container. The Admin CLI command, designed to configure certificate access during the initial container startup, incorrectly...
CVE-2025-26787
CVE-2025-26787 affects Keyfactor SignServer prior to 7.2. The issue arises from a logic error in the SignServer container startup routine: the Admin CLI command intended to configure certificate access at the initial startup is executed on every container restart, resetting the access policy to "...
CVE-2025-47222
A class name enumeration was found in Keyfactor SignServer versions prior to 7.3.2. Setting any chosen class name to any of the properties requiring a class path and the provided class is not expected to return different errors if the class exists in deployment or not. This returns information...
CVE-2025-47220
A local file enumeration was found in Keyfactor SignServer versions prior to 7.3.2 .The property VISIBLESIGNATURECUSTOMIMAGEPATH, which exists in the PDFSigner and the PAdESSigner, can be set to any path without any restrictions by an admin user. In the case that the provided path points to an...
EUVD-2025-175378
Keyfactor SignServer before 7.3.1 has Incorrect Access Control, issue 2 of 3...
EUVD-2025-175377
Keyfactor SignServer before 7.3.1 has Incorrect Access Control, issue 3 of 3...
CVE-2025-47221
An arbitrary file write was found in Keyfactor SignServer versions prior to 7.3.2. The properties ARCHIVETODISKFILENAME-PATTERN, ARCHIVETODISKPATHBASE, ARCHIVETODISKPATHPATTERN can be set to any path, even ones that will point to files that already exist. This vulnerability gives a user with admi...
CVE-2025-47220
A local file enumeration was found in Keyfactor SignServer versions prior to 7.3.2 .The property VISIBLESIGNATURECUSTOMIMAGEPATH, which exists in the PDFSigner and the PAdESSigner, can be set to any path without any restrictions by an admin user. In the case that the provided path points to an...
CVE-2025-47222
A class name enumeration was found in Keyfactor SignServer versions prior to 7.3.2. Setting any chosen class name to any of the properties requiring a class path and the provided class is not expected to return different errors if the class exists in deployment or not. This returns information...
CVE-2025-47221
An arbitrary file write was found in Keyfactor SignServer versions prior to 7.3.2. The properties ARCHIVETODISKFILENAME-PATTERN, ARCHIVETODISKPATHBASE, ARCHIVETODISKPATHPATTERN can be set to any path, even ones that will point to files that already exist. This vulnerability gives a user with admi...
Keyfactor SignServer 安全漏洞
Keyfactor SignServer is a digital signature engine from Keyfactor USA. A security vulnerability exists in Keyfactor SignServer versions prior to 7.3.1 that stems from improper access control...
CVE-2025-47221
An arbitrary file write was found in Keyfactor SignServer versions prior to 7.3.2. The properties ARCHIVETODISKFILENAME-PATTERN, ARCHIVETODISKPATHBASE, ARCHIVETODISKPATHPATTERN can be set to any path, even ones that will point to files that already exist. This vulnerability gives a user with admi...
CVE-2025-47221
An arbitrary file write was found in Keyfactor SignServer versions prior to 7.3.2. The properties ARCHIVETODISKFILENAME-PATTERN, ARCHIVETODISKPATHBASE, ARCHIVETODISKPATHPATTERN can be set to any path, even ones that will point to files that already exist. This vulnerability gives a user with admi...
CVE-2025-47222
A class name enumeration was found in Keyfactor SignServer versions prior to 7.3.2. Setting any chosen class name to any of the properties requiring a class path and the provided class is not expected to return different errors if the class exists in deployment or not. This returns information...
CVE-2025-47220
A local file enumeration was found in Keyfactor SignServer versions prior to 7.3.2 .The property VISIBLESIGNATURECUSTOMIMAGEPATH, which exists in the PDFSigner and the PAdESSigner, can be set to any path without any restrictions by an admin user. In the case that the provided path points to an...
Keyfactor SignServer 安全漏洞
Keyfactor SignServer is a digital signature engine from Keyfactor USA. A security vulnerability exists in Keyfactor SignServer versions prior to 7.3.1 that stems from improper access control...
Keyfactor SignServer 安全漏洞
Keyfactor SignServer is a digital signature engine from Keyfactor USA. A security vulnerability exists in Keyfactor SignServer versions prior to 7.3.1 that stems from improper access control...
CVE-2025-47222
A class name enumeration was found in Keyfactor SignServer versions prior to 7.3.2. Setting any chosen class name to any of the properties requiring a class path and the provided class is not expected to return different errors if the class exists in deployment or not. This returns information...
CVE-2025-47221
CVE-2025-47221 : Keyfactor SignServer versions before 7.3.2 contain an arbitrary file write flaw. The ARCHIVETODISK_FILENAME-PATTERN, ARCHIVETODISK_PATH_BASE, and ARCHIVETODISK_PATH_PATTERN properties can be set to any path, enabling a user with admin access to write files in arbitrary server dir...