Authentication flaw

An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. When using a client certificate to enroll over the EST protocol, no revocation check is performed on that certificate. This vulnerability can only affect a system that has EST configured, uses client certificates to authenticate...

CVE-2020-25276

PrimeKey EJBCA 6.x and 7.x prior to 7.4.1 is affected. When enrolling via EST using a client certificate, revocation checks are not performed on that certificate, only impacting systems with EST configured and where the revoked certificate is in a role authorized to enroll new end entities. Remed...

PT-2020-16057 · Primekey · Primekey Ejbca

Name of the Vulnerable Software and Affected Versions: PrimeKey EJBCA versions 6.x through 7.4.0 Description: An issue was discovered where no revocation check is performed on a client certificate when enrolling over the EST protocol. This can affect systems with EST configured, using client...

PrimeKey Solutions EJBCA Cross-Site Scripting Vulnerability

PrimeKey Solutions EJBCA is a software public key infrastructure certificate authority package from PrimeKey Solutions, Sweden. A cross-site scripting vulnerability exists in PrimeKey Solutions EJBCA, which can be exploited by an attacker to compromise integrity...

PrimeKey Solutions EJBCA Input Validation Error Vulnerability

PrimeKey Solutions EJBCA is a software public key infrastructure certificate authority package from PrimeKey Solutions, Sweden. PrimeKey Solutions EJBCA suffers from an input validation error vulnerability that can be exploited by an attacker to cause privilege escalation and remote code executio...

Unspecified Vulnerability in PrimeKey Solutions EJBCA

PrimeKey Solutions EJBCA is a software PKI certificate authority package from PrimeKey Solutions, Sweden. A security vulnerability exists in PrimeKey Solutions EJBCA versions prior to 6.15.2.6 and 7.x versions prior to 7.3.1.2. An attacker can exploit this vulnerability to bypass security...

PrimeKey Solutions EJBCA Cross-Site Request Forgery Vulnerability

PrimeKey Solutions EJBCA is a software public key infrastructure certificate authority package from PrimeKey Solutions, Sweden. PrimeKey Solutions EJBCA suffers from a cross-site request forgery vulnerability for which no detailed vulnerability details are currently available...

PrimeKey Solutions EJBCA Code Issue Vulnerability

PrimeKey Solutions EJBCA is a software public key infrastructure certificate authority package from PrimeKey Solutions, Sweden. PrimeKey Solutions EJBCA suffers from a code issue vulnerability, no details of the vulnerability are provided at this time...

PrimeKey Solutions EJBCA Code Issue Vulnerability (CNVD-2020-22248)

PrimeKey Solutions EJBCA is a software PKI certificate authority package from PrimeKey Solutions, Sweden. A security vulnerability exists in PrimeKey Solutions EJBCA versions prior to 6.15.2.6 and 7.x versions prior to 7.3.1.2. An attacker could exploit the vulnerability to upload malicious scrip...