46 matches found
CVE-2025-26787
An error in the SignServer container startup logic was found in Keyfactor SignServer versions prior to 7.2. The Admin CLI command used to configure Certificate access to the initial startup of the container sets a property of "allowany" to allow any user with a valid and trusted client auth...
EUVD-2025-204738
An error in the SignServer container startup logic was found in Keyfactor SignServer versions prior to 7.2. The Admin CLI command used to configure Certificate access to the initial startup of the container sets a property of "allowany" to allow any user with a valid and trusted client auth...
CVE-2025-26787
An error in the SignServer container startup logic was found in Keyfactor SignServer versions prior to 7.2. The Admin CLI command used to configure Certificate access to the initial startup of the container sets a property of "allowany" to allow any user with a valid and trusted client auth...
CVE-2025-26787
An error in the SignServer container startup logic was found in Keyfactor SignServer versions prior to 7.2. The Admin CLI command used to configure Certificate access to the initial startup of the container sets a property of "allowany" to allow any user with a valid and trusted client auth...
CVE-2025-26787
An error in the SignServer container startup logic was found in Keyfactor SignServer versions prior to 7.2. The Admin CLI command used to configure Certificate access to the initial startup of the container sets a property of "allowany" to allow any user with a valid and trusted client auth...
CVE-2025-26787
An error in the SignServer container startup logic was found in Keyfactor SignServer versions prior to 7.2. The Admin CLI command used to configure Certificate access to the initial startup of the container sets a property of "allowany" to allow any user with a valid and trusted client auth...
Keyfactor SignServer 安全漏洞
Keyfactor SignServer is a digital signature engine from Keyfactor USA. A security vulnerability exists in Keyfactor SignServer versions prior to 7.2, which stems from an error in the container startup logic and could result in a reset configuration to allowany...
PT-2025-52670
Name of the Vulnerable Software and Affected Versions Keyfactor SignServer versions prior to 7.2 Description A flaw exists in the startup logic of the Keyfactor SignServer container. The Admin CLI command, designed to configure certificate access during the initial container startup, incorrectly...
CVE-2025-26787
CVE-2025-26787 affects Keyfactor SignServer prior to 7.2. The issue arises from a logic error in the SignServer container startup routine: the Admin CLI command intended to configure certificate access at the initial startup is executed on every container restart, resetting the access policy to "...
CVE-2025-47221
An arbitrary file write was found in Keyfactor SignServer versions prior to 7.3.2. The properties ARCHIVETODISKFILENAME-PATTERN, ARCHIVETODISKPATHBASE, ARCHIVETODISKPATHPATTERN can be set to any path, even ones that will point to files that already exist. This vulnerability gives a user with admi...
CVE-2025-47222
A class name enumeration was found in Keyfactor SignServer versions prior to 7.3.2. Setting any chosen class name to any of the properties requiring a class path and the provided class is not expected to return different errors if the class exists in deployment or not. This returns information...
CVE-2025-47220
A local file enumeration was found in Keyfactor SignServer versions prior to 7.3.2 .The property VISIBLESIGNATURECUSTOMIMAGEPATH, which exists in the PDFSigner and the PAdESSigner, can be set to any path without any restrictions by an admin user. In the case that the provided path points to an...
EUVD-2025-175377
Keyfactor SignServer before 7.3.1 has Incorrect Access Control, issue 3 of 3...
EUVD-2025-175378
Keyfactor SignServer before 7.3.1 has Incorrect Access Control, issue 2 of 3...
EUVD-2025-175380
Keyfactor SignServer before 7.3.1 has Incorrect Access Control, issue 1 of 3...
CVE-2025-47220
A local file enumeration was found in Keyfactor SignServer versions prior to 7.3.2 .The property VISIBLESIGNATURECUSTOMIMAGEPATH, which exists in the PDFSigner and the PAdESSigner, can be set to any path without any restrictions by an admin user. In the case that the provided path points to an...
CVE-2025-47221
An arbitrary file write was found in Keyfactor SignServer versions prior to 7.3.2. The properties ARCHIVETODISKFILENAME-PATTERN, ARCHIVETODISKPATHBASE, ARCHIVETODISKPATHPATTERN can be set to any path, even ones that will point to files that already exist. This vulnerability gives a user with admi...
CVE-2025-47220
A local file enumeration was found in Keyfactor SignServer versions prior to 7.3.2 .The property VISIBLESIGNATURECUSTOMIMAGEPATH, which exists in the PDFSigner and the PAdESSigner, can be set to any path without any restrictions by an admin user. In the case that the provided path points to an...
CVE-2025-47222
A class name enumeration was found in Keyfactor SignServer versions prior to 7.3.2. Setting any chosen class name to any of the properties requiring a class path and the provided class is not expected to return different errors if the class exists in deployment or not. This returns information...
CVE-2025-47221
An arbitrary file write was found in Keyfactor SignServer versions prior to 7.3.2. The properties ARCHIVETODISKFILENAME-PATTERN, ARCHIVETODISKPATHBASE, ARCHIVETODISKPATHPATTERN can be set to any path, even ones that will point to files that already exist. This vulnerability gives a user with admi...