13 matches found
EUVD-2021-27275
Malware in sbrugna...
EUVD-2021-27276
Malware in sbrugna...
BIT-EJBCA-2021-40086
An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a page that can only be viewed by an administrator. While hidden from direct view, checking the page source would...
BIT-EJBCA-2021-40087
An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log that can only be viewed by an administrator. This affects us...
CVE-2021-40087
An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log that can only be viewed by an administrator. This affects us...
CVE-2021-40087
An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log that can only be viewed by an administrator. This affects us...
CVE-2021-40086
An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a page that can only be viewed by an administrator. While hidden from direct view, checking the page source would...
CVE-2021-40086
An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a page that can only be viewed by an administrator. While hidden from direct view, checking the page source would...
Code injection
An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a page that can only be viewed by an administrator. While hidden from direct view, checking the page source would...
CVE-2021-40086
An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a page that can only be viewed by an administrator. While hidden from direct view, checking the page source would...
Code injection
An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log that can only be viewed by an administrator. This affects us...
CVE-2021-40086
An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a page that can only be viewed by an administrator. While hidden from direct view, checking the page source would...
CVE-2021-40086
PrimeKey EJBCA before 7.6.0 exposes the enrollment secret for SCEP, CMP, EST, and Auto-enrollment on an administrator-viewable page; the secret is recoverable via page source inspection. Affected: versions prior to 7.6.0. Impact: potential leakage of enrollment configuration secrets. Root cause: ...