154 matches found
CVE-2020-11627
CVE-2020-11627 affects EJBCA prior to 6.15.2.6 and 7.x prior to 7.3.1.2, with a CSRF issue in the CA UI. The connected documents confirm the vulnerability description but do not provide exploitation details or remediation steps. Practical impact is a CSRF-based vulnerability in the CA management ...
CVE-2020-11627
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. A Cross Site Request Forgery CSRF issue has been found in the CA UI...
CVE-2020-11628
Affected product: EJBCA (prior to 6.15.2.6 and 7.x prior to 7.3.1.2). Vulnerability: Restrictions intended to limit available remote protocols (CMP, ACME, REST, etc.) can be bypassed by altering the URI string sent by a client. EJBCA’s internal access control remains in place, and each protocol m...
CVE-2020-11628
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. It is intended to support restriction of available remote protocols CMP, ACME, REST, etc. through the system configuration. These restrictions can be bypassed by modifying the URI string from a client. EJBCA's internal acces...
CVE-2020-11629
EJBCA before 6.15.2.6 and 7.x before 7.3.1.2 is affected by a vulnerability in the External Command Certificate Validator . The validator allows uploading external linters to validate certificates, and is described as saving uploaded test certificates to the server. An attacker who gains access t...
CVE-2020-11629
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. The External Command Certificate Validator, which allows administrators to upload external linters to validate certificates, is supposed to save uploaded test certificates to the server. An attacker who has gained access to...
CVE-2020-11630
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. In several sections of code, the verification of serialized objects sent between nodes connected via the Peers protocol allows insecure objects to be deserialized...
CVE-2020-11630
The CVE-2020-11630 issue affects EJBCA: versions before 6.15.2.6 and 7.x before 7.3.1.2. The root cause is improper verification during deserialization of serialized objects exchanged between nodes over the Peers protocol, allowing insecure objects to be deserialized. This addresses a high-severi...
CVE-2020-11631
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. An error state can be generated in the CA UI by a malicious user. This, in turn, allows exploitation of other bugs. This follow-on exploitation can lead to privilege escalation and remote code execution. This is exploitable...
CVE-2020-11631
CVE-2020-11631 affects PrimeKey/EBJCA: pre-6.15.2.6 and pre-7.3.1.2 releases. A malicious user can trigger an error state in the CA UI, which enables exploitation of other bugs and can lead to privilege escalation and remote code execution . Exploitation is possible only if at least one accessibl...
Многочисленные уязвимости в EJBCA
Здравствуйте 3APA3A! Сообщаю вам о найденных мною 17.01.2012 многочисленных уязвимостях в Enterprise Java Beans Certificate Authority EJBCA. Это Cross-Site Scripting, Brute Force и Abuse of Functionality уязвимости. EJBCA - это PKI сервер. По информации из официального сайта: A Certification...
EJBCA 4.0.7 Cross Site Scripting / User Enumeration
Hello list! I want to warn you about multiple security vulnerabilities in Enterprise Java Beans Certificate Authority EJBCA. These are Cross-Site Scripting, Brute Force and Abuse of Functionality vulnerabilities. EJBCA it's a PKI server. Citation from official web site: A Certification Authority...
EJBCA 4.0.7 - issuer Cross-Site Scripting
EJBCA 4.0.7 - issuer Cross-Site Scripting source: https://www.securityfocus.com/bid/52400/info EJBCA is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser o...
EJBCA 4.0.7 - 'issuer' Cross-Site Scripting
source: https://www.securityfocus.com/bid/52400/info EJBCA is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of t...