CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 octets of salt, and is thus not compliant with the security requirements of RFC 4211, and might make man-in-the-middle attacks easier. CMP includes password-based MAC as one of the options for message integrity and authentication the...

3.1CVSS7.1AI score0.00168EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 3:55 a.m.•21 views

CVE-2023-34196

In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, disclosure of CA certificates attributes and public keys to unauthenticated or less privileged users may...

8.2CVSS7.1AI score0.00352EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 9:56 p.m.•5 views

CVE-2022-34831

An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization. During the ACME enrollment process, an order is submitted containing an identifier for one o...

9.8CVSS7AI score0.00419EPSS

Exploits0References1

NVD•added 2024/09/12 7:15 p.m.•18 views

CVE-2024-36066

3.1CVSS0.00168EPSS

Exploits0References2

CVE•added 2024/09/12 12:0 a.m.•67 views

CVE-2024-36066

The CVE-2024-36066 issue affects KeyFactor EJBCA’s CMP CLI client prior to version 8.3.1. The root cause is a salt length of 6 octets for the password-based MAC parameter, which does not meet RFC 4211 Section 4.4 requirements for a salt of at least 8 octets, potentially reducing resistance to dic...

3.1CVSS7.3AI score0.00168EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2024/09/12 12:0 a.m.•12 views

CVE-2024-36066

7.3AI score0.00168EPSS

Exploits0References2

Cvelist•added 2024/09/12 12:0 a.m.•30 views

CVE-2024-36066

0.00168EPSS

Exploits0References2

NVD•added 2023/08/03 3:15 a.m.•19 views

CVE-2023-34196

8.2CVSS8.1AI score0.00352EPSS

Exploits0References2

ATTACKERKB•added 2023/08/03 3:15 a.m.•1 views

CVE-2023-34196

8.2CVSS7.2AI score0.00352EPSS

Exploits0References3

Prion•added 2023/08/03 3:15 a.m.•22 views

Authentication flaw

6.4CVSS7.9AI score0.00352EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2023/08/03 12:0 a.m.•13 views

CVE-2023-34196

7.1AI score0.00352EPSS

Exploits0References2

Cvelist•added 2023/08/03 12:0 a.m.•35 views

CVE-2023-34196

8.2AI score0.00352EPSS

Exploits0References2

Prion•added 2022/11/17 5:15 a.m.•16 views

Cross site scripting

Keyfactor EJBCA before 7.10.0 allows XSS...

4.9CVSS5.6AI score0.00341EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2022/11/17 12:0 a.m.•5 views

CVE-2022-42954

Keyfactor EJBCA before 7.10.0 allows XSS...

7.2AI score0.00341EPSS

Exploits0References1

CNNVD•added 2022/11/17 12:0 a.m.•3 views

Keyfactor EJBCA 跨站脚本漏洞

EJBCA is an open source Public Key Infrastructure PKI and Certificate Authority CA software from Keyfactor Open Source. A cross-site scripting vulnerability exists in Keyfactor EJBCA versions prior to 7.10.0 that stems from allowing XSS...

5.4CVSS5.4AI score0.00341EPSS

Exploits0References2

Cvelist•added 2022/11/17 12:0 a.m.•29 views

CVE-2022-42954

Keyfactor EJBCA before 7.10.0 allows XSS...

5.8AI score0.00341EPSS

Exploits0References1

Positive Technologies•added 2022/11/17 12:0 a.m.•4 views

PT-2022-26678 · Keyfactor · Keyfactor Ejbca

Name of the Vulnerable Software and Affected Versions: Keyfactor EJBCA versions prior to 7.10.0 Description: The issue allows for Cross-Site Scripting XSS, which is a type of attack where an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take...

5.4CVSS5.5AI score0.00341EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by