Lucene search
+L

154 matches found

cve
cve
added 2020/04/07 11:34 p.m.40 views

CVE-2020-11627

CVE-2020-11627 affects EJBCA prior to 6.15.2.6 and 7.x prior to 7.3.1.2, with a CSRF issue in the CA UI. The connected documents confirm the vulnerability description but do not provide exploitation details or remediation steps. Practical impact is a CSRF-based vulnerability in the CA management ...

8.8CVSS8.8AI score0.00452EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2020/04/07 11:34 p.m.24 views

CVE-2020-11627

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. A Cross Site Request Forgery CSRF issue has been found in the CA UI...

8.9AI score0.00452EPSS
Exploits0References1
cve
cve
added 2020/04/07 11:34 p.m.46 views

CVE-2020-11628

Affected product: EJBCA (prior to 6.15.2.6 and 7.x prior to 7.3.1.2). Vulnerability: Restrictions intended to limit available remote protocols (CMP, ACME, REST, etc.) can be bypassed by altering the URI string sent by a client. EJBCA’s internal access control remains in place, and each protocol m...

5.3CVSS5.3AI score0.00858EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2020/04/07 11:34 p.m.19 views

CVE-2020-11628

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. It is intended to support restriction of available remote protocols CMP, ACME, REST, etc. through the system configuration. These restrictions can be bypassed by modifying the URI string from a client. EJBCA's internal acces...

5.3AI score0.00858EPSS
Exploits0References1
cve
cve
added 2020/04/07 11:34 p.m.53 views

CVE-2020-11629

EJBCA before 6.15.2.6 and 7.x before 7.3.1.2 is affected by a vulnerability in the External Command Certificate Validator . The validator allows uploading external linters to validate certificates, and is described as saving uploaded test certificates to the server. An attacker who gains access t...

7.2CVSS7AI score0.00581EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2020/04/07 11:34 p.m.28 views

CVE-2020-11629

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. The External Command Certificate Validator, which allows administrators to upload external linters to validate certificates, is supposed to save uploaded test certificates to the server. An attacker who has gained access to...

7AI score0.00581EPSS
Exploits0References1
cvelist
cvelist
added 2020/04/07 11:34 p.m.20 views

CVE-2020-11630

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. In several sections of code, the verification of serialized objects sent between nodes connected via the Peers protocol allows insecure objects to be deserialized...

9.4AI score0.01268EPSS
Exploits0References1
cve
cve
added 2020/04/07 11:34 p.m.42 views

CVE-2020-11630

The CVE-2020-11630 issue affects EJBCA: versions before 6.15.2.6 and 7.x before 7.3.1.2. The root cause is improper verification during deserialization of serialized objects exchanged between nodes over the Peers protocol, allowing insecure objects to be deserialized. This addresses a high-severi...

9.8CVSS9.3AI score0.01268EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2020/04/07 11:33 p.m.23 views

CVE-2020-11631

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. An error state can be generated in the CA UI by a malicious user. This, in turn, allows exploitation of other bugs. This follow-on exploitation can lead to privilege escalation and remote code execution. This is exploitable...

7.2AI score0.0105EPSS
Exploits0References1
cve
cve
added 2020/04/07 11:33 p.m.50 views

CVE-2020-11631

CVE-2020-11631 affects PrimeKey/EBJCA: pre-6.15.2.6 and pre-7.3.1.2 releases. A malicious user can trigger an error state in the CA UI, which enables exploitation of other bugs and can lead to privilege escalation and remote code execution . Exploitation is possible only if at least one accessibl...

6.5CVSS7.2AI score0.0105EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2012/03/19 12:0 a.m.37 views

Многочисленные уязвимости в EJBCA

Здравствуйте 3APA3A! Сообщаю вам о найденных мною 17.01.2012 многочисленных уязвимостях в Enterprise Java Beans Certificate Authority EJBCA. Это Cross-Site Scripting, Brute Force и Abuse of Functionality уязвимости. EJBCA - это PKI сервер. По информации из официального сайта: A Certification...

6.2AI score
Exploits0
packetstorm
packetstorm
added 2012/03/11 12:0 a.m.26 views

EJBCA 4.0.7 Cross Site Scripting / User Enumeration

Hello list! I want to warn you about multiple security vulnerabilities in Enterprise Java Beans Certificate Authority EJBCA. These are Cross-Site Scripting, Brute Force and Abuse of Functionality vulnerabilities. EJBCA it's a PKI server. Citation from official web site: A Certification Authority...

0.2AI score
Exploits0
exploitpack
exploitpack
added 2012/03/11 12:0 a.m.10 views

EJBCA 4.0.7 - issuer Cross-Site Scripting

EJBCA 4.0.7 - issuer Cross-Site Scripting source: https://www.securityfocus.com/bid/52400/info EJBCA is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser o...

0.1AI score
Exploits0
exploitdb
exploitdb
added 2012/03/11 12:0 a.m.22 views

EJBCA 4.0.7 - 'issuer' Cross-Site Scripting

source: https://www.securityfocus.com/bid/52400/info EJBCA is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of t...

7.4AI score
Exploits0
Rows per page
Query Builder