4 matches found
CVE-2022-40711
PrimeKey EJBCA 7.9.0.2 Community allows stored XSS in the End Entity section. A user with the RA Administrator role can inject an XSS payload to target higher-privilege users...
CVE-2025-3027 Open Redirect vulnerability in EJBCA
The vulnerability exists in the EJBCA service, version 8.0 Enterprise. By making a small change to the PATH of the URL associated with the service, the server fails to find the requested file and redirects to an external page. This vulnerability could allow users to be redirected to potentially...
EJBCA Input Validation Error Vulnerability
EJBCA is an open source Public Key Infrastructure (PKI) and Certificate Authority (CA) software from Keyfactor Open Source. An input validation error vulnerability exists in EJBCA version 8.0 that stems from a URL path modification that could result in a redirection to a malicious site...
PT-2024-26877 · Keyfactor · Keyfactor Ejbca
Name of the Vulnerable Software and Affected Versions: Keyfactor EJBCA versions prior to 8.3.1
Description: The issue concerns the CMP CLI client in Keyfactor EJBCA, which has a hardcoded salt that is only 6 octets long. This is not compliant with the security requirements of RFC 4211, which...