CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2023/08/03 3:15 a.m.•9 views

CVE-2023-34196

In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, disclosure of CA certificates attributes and public keys to unauthenticated or less privileged users may...

8.2CVSS8.1AI score0.00101EPSS

ATTACKERKB•added 2023/08/03 3:15 a.m.•0 views

CVE-2023-34196

8.2CVSS7.2AI score0.00101EPSS

Prion•added 2023/08/03 3:15 a.m.•18 views

Authentication flaw

6.4CVSS7.9AI score0.00101EPSS

CVE•added 2023/08/03 12:0 a.m.•40 views

CVE-2023-34196

Affected software: Keyfactor EJBCA prior to 8.0.0. Vulnerable component: RA web certificate distribution servlet at /ejbca/ra/cert. Root cause: authentication issue enabling partial denial of service. In OAuth configurations, CA certificates (attributes and public keys) may be disclosed to unauth...

8.2CVSS8AI score0.00101EPSS

Vulnrichment•added 2023/08/03 12:0 a.m.•11 views

CVE-2023-34196

7.1AI score0.00101EPSS

Cvelist•added 2023/08/03 12:0 a.m.•15 views

CVE-2023-34196

8.2AI score0.00101EPSS

NVD•added 2022/11/17 5:15 a.m.•11 views

CVE-2022-42954

Keyfactor EJBCA before 7.10.0 allows XSS...

5.4CVSS0.00677EPSS

OSV•added 2022/11/17 5:15 a.m.•1 views

CVE-2022-42954

Keyfactor EJBCA before 7.10.0 allows XSS...

5.4CVSS5.8AI score0.00677EPSS

Prion•added 2022/11/17 5:15 a.m.•9 views

Cross site scripting

Keyfactor EJBCA before 7.10.0 allows XSS...

4.9CVSS5.6AI score0.00677EPSS

Exploits0References1Affected Software1

CVE•added 2022/11/17 12:0 a.m.•50 views

CVE-2022-42954

Keyfactor EJBCA before 7.10.0 is affected by a cross-site scripting (XSS) vulnerability. The issue is cited across multiple sources (NVD/Red Hat/CVE records) with the affected product identified as Keyfactor EJBCA versions prior to 7.10.0. The underlying cause is an XSS flaw in the web interface ...

5.4CVSS5.5AI score0.00677EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2022/11/17 12:0 a.m.•5 views

CVE-2022-42954

Keyfactor EJBCA before 7.10.0 allows XSS...

7.2AI score0.00677EPSS

Cvelist•added 2022/11/17 12:0 a.m.•10 views

CVE-2022-42954

Keyfactor EJBCA before 7.10.0 allows XSS...

5.8AI score0.00677EPSS

CNNVD•added 2022/11/17 12:0 a.m.•2 views

Keyfactor EJBCA 跨站脚本漏洞

EJBCA is an open source Public Key Infrastructure PKI and Certificate Authority CA software from Keyfactor Open Source. A cross-site scripting vulnerability exists in Keyfactor EJBCA versions prior to 7.10.0 that stems from allowing XSS...

5.4CVSS5.4AI score0.00677EPSS

Positive Technologies•added 2022/11/17 12:0 a.m.•3 views

PT-2022-26678 · Keyfactor · Keyfactor Ejbca

Name of the Vulnerable Software and Affected Versions: Keyfactor EJBCA versions prior to 7.10.0 Description: The issue allows for Cross-Site Scripting XSS, which is a type of attack where an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take...

5.4CVSS5.5AI score0.00677EPSS

ATTACKERKB•added 2022/09/14 3:15 a.m.•0 views

CVE-2022-34831

9.8CVSS5.9AI score0.0023EPSS

NVD•added 2022/09/14 3:15 a.m.•7 views

CVE-2022-34831

9.8CVSS0.0023EPSS

OSV•added 2022/09/14 3:15 a.m.•1 views

CVE-2022-34831

9.8CVSS5.8AI score

Prion•added 2022/09/14 3:15 a.m.•15 views

Input validation

7.5CVSS9.4AI score0.0023EPSS

CVE•added 2022/09/14 2:58 a.m.•40 views

CVE-2022-34831

Keyfactor PrimeKey EJBCA (before 7.9.0) is vulnerable to an ACME-related issue where, after DNS identifiers are validated in the ACME challenge, a non‑compliant client can add extra dnsNames in the CSR at finalize, causing EJBCA to issue a certificate containing unvalidated identifiers. This bypa...

9.8CVSS9.4AI score0.0023EPSS