CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 octets of salt, and is thus not compliant with the security requirements of RFC 4211, and might make man-in-the-middle attacks easier. CMP includes password-based MAC as one of the options for message integrity and authentication the...

3.1CVSS7.1AI score0.00398EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 3:55 a.m.•10 views

CVE-2023-34196

In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, disclosure of CA certificates attributes and public keys to unauthenticated or less privileged users may...

8.2CVSS7.1AI score0.00101EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 9:56 p.m.•4 views

CVE-2022-34831

An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization. During the ACME enrollment process, an order is submitted containing an identifier for one o...

9.8CVSS7AI score0.0023EPSS

Exploits0References1

NVD•added 2024/09/12 7:15 p.m.•10 views

CVE-2024-36066

3.1CVSS0.00398EPSS

Exploits0References2

Vulnrichment•added 2024/09/12 12:0 a.m.•9 views

CVE-2024-36066

7.3AI score0.00398EPSS

Exploits0References2

Cvelist•added 2024/09/12 12:0 a.m.•13 views

CVE-2024-36066

0.00398EPSS

Exploits0References2

CVE•added 2024/09/12 12:0 a.m.•58 views

CVE-2024-36066

The CVE-2024-36066 issue affects KeyFactor EJBCA’s CMP CLI client prior to version 8.3.1. The root cause is a salt length of 6 octets for the password-based MAC parameter, which does not meet RFC 4211 Section 4.4 requirements for a salt of at least 8 octets, potentially reducing resistance to dic...

3.1CVSS7.3AI score0.00398EPSS

Exploits0References2Affected Software1

ATTACKERKB•added 2023/08/03 3:15 a.m.•0 views

CVE-2023-34196

8.2CVSS7.2AI score0.00101EPSS

Exploits0References3

NVD•added 2023/08/03 3:15 a.m.•9 views

CVE-2023-34196

8.2CVSS8.1AI score0.00101EPSS

Exploits0References2

Prion•added 2023/08/03 3:15 a.m.•18 views

Authentication flaw

6.4CVSS7.9AI score0.00101EPSS

Exploits0References2Affected Software1

Cvelist•added 2023/08/03 12:0 a.m.•15 views

CVE-2023-34196

8.2AI score0.00101EPSS

Exploits0References2

Vulnrichment•added 2023/08/03 12:0 a.m.•11 views

CVE-2023-34196

7.1AI score0.00101EPSS

Exploits0References2

Prion•added 2022/11/17 5:15 a.m.•9 views

Cross site scripting

Keyfactor EJBCA before 7.10.0 allows XSS...

4.9CVSS5.6AI score0.00677EPSS

Exploits0References1Affected Software1

CVE•added 2022/11/17 12:0 a.m.•50 views

CVE-2022-42954

Keyfactor EJBCA before 7.10.0 is affected by a cross-site scripting (XSS) vulnerability. The issue is cited across multiple sources (NVD/Red Hat/CVE records) with the affected product identified as Keyfactor EJBCA versions prior to 7.10.0. The underlying cause is an XSS flaw in the web interface ...

5.4CVSS5.5AI score0.00677EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2022/11/17 12:0 a.m.•4 views

CVE-2022-42954

Keyfactor EJBCA before 7.10.0 allows XSS...

7.2AI score0.00677EPSS

Exploits0References1

Cvelist•added 2022/11/17 12:0 a.m.•10 views

CVE-2022-42954

Keyfactor EJBCA before 7.10.0 allows XSS...

5.8AI score0.00677EPSS

Exploits0References1

CNNVD•added 2022/11/17 12:0 a.m.•2 views

Keyfactor EJBCA 跨站脚本漏洞

EJBCA is an open source Public Key Infrastructure PKI and Certificate Authority CA software from Keyfactor Open Source. A cross-site scripting vulnerability exists in Keyfactor EJBCA versions prior to 7.10.0 that stems from allowing XSS...

5.4CVSS5.4AI score0.00677EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by