Lucene search
K
PrimekeyEjbca

16 matches found

CVE
CVE
added 2025/03/31 10:30 a.m.66 views

CVE-2025-3026

CVE-2025-3026 affects the EJBCA service, specifically version 8.0 Enterprise (not tested in higher versions). The issue arises from modifying the HTTP Host header, which lets an attacker manipulate generated links and redirect clients to a user-controlled base URL, potentially causing the client ...

6.1CVSS6.4AI score0.00215EPSS
CVE
CVE
added 2021/08/25 1:24 a.m.62 views

CVE-2021-40089

PrimeKey EJBCA up to version 7.6.0 is affected by a logic flaw in the General Purpose Custom Publisher. The publisher, which is intended to invoke a local script during publishing, could still execute when the System Configuration setting Enable External Script Access is disabled. This means that...

2.3CVSS3.7AI score0.00223EPSS
CVE
CVE
added 2025/03/31 10:31 a.m.59 views

CVE-2025-3027

Concrete details show an open redirect in EJBCA 8.0 Enterprise due to a PATH/URL modification that causes the server to redirect to an external page, enabling potential phishing. Affected component: EJBCA service; vulnerability type: open redirect; impact: misdirection to malicious sites. Exploit...

6.1CVSS6.5AI score0.00204EPSS
CVE
CVE
added 2021/08/25 1:24 a.m.57 views

CVE-2021-40088

PrimeKey EJBCA CMP RA Mode (versions prior to 7.6.0) can be configured to authenticate enrollments with a known client certificate, and the same certificate is used for revocation requests. The multi-tenancy access check applied during enrollment is not performed during revocation authentication,...

5.4CVSS5.4AI score0.0036EPSS
CVE
CVE
added 2021/08/25 1:24 a.m.56 views

CVE-2021-40087

PrimeKey EJBCA before version 7.6.0 is affected by an issue where modifications to enrollment-secret alias configurations for protocols SCEP, CMP, and EST are logged in cleartext in the audit log (administrator-accessible). The vulnerability arises from audit logging changes to alias configuratio...

4CVSS4AI score0.00412EPSS
CVE
CVE
added 2023/01/01 12:0 a.m.56 views

CVE-2022-40711

PrimeKey EJBCA 7.9.0.2 Community is affected by CVE-2022-40711, a stored XSS in the End Entity section. A user with the RA Administrator role can inject an XSS payload targeting higher-privilege users. Public remediations/patch version not specified in the provided sources. Exploitation details a...

4.8CVSS4.8AI score0.00457EPSS
CVE
CVE
added 2021/08/25 1:25 a.m.55 views

CVE-2021-40086

PrimeKey EJBCA before 7.6.0 exposes the enrollment secret for SCEP, CMP, EST, and Auto-enrollment on an administrator-viewable page; the secret is recoverable via page source inspection. Affected: versions prior to 7.6.0. Impact: potential leakage of enrollment configuration secrets. Root cause: ...

3.5CVSS4AI score0.00542EPSS
CVE
CVE
added 2020/04/07 11:34 p.m.53 views

CVE-2020-11629

EJBCA before 6.15.2.6 and 7.x before 7.3.1.2 is affected by a vulnerability in the External Command Certificate Validator . The validator allows uploading external linters to validate certificates, and is described as saving uploaded test certificates to the server. An attacker who gains access t...

7.2CVSS7AI score0.00581EPSS
CVE
CVE
added 2020/11/19 4:38 p.m.53 views

CVE-2020-28942

Summary: PrimeKey EJBCA versions prior to 7.4.3 allow enrollment with EST proxied through an RA over the Peers protocol to bypass the allowed-CA restriction for RAs. An attacker with a valid trusted client certificate and enrollment authorization can use any functioning authenticated RA connected...

4.3CVSS4.5AI score0.00361EPSS
CVE
CVE
added 2020/04/07 11:33 p.m.50 views

CVE-2020-11631

CVE-2020-11631 affects PrimeKey/EBJCA: pre-6.15.2.6 and pre-7.3.1.2 releases. A malicious user can trigger an error state in the CA UI, which enables exploitation of other bugs and can lead to privilege escalation and remote code execution . Exploitation is possible only if at least one accessibl...

6.5CVSS7.2AI score0.0105EPSS
CVE
CVE
added 2022/09/14 2:58 a.m.49 views

CVE-2022-34831

Keyfactor PrimeKey EJBCA (before 7.9.0) is vulnerable to an ACME-related issue where, after DNS identifiers are validated in the ACME challenge, a non‑compliant client can add extra dnsNames in the CSR at finalize, causing EJBCA to issue a certificate containing unvalidated identifiers. This bypa...

9.8CVSS9.4AI score0.0043EPSS
CVE
CVE
added 2020/04/07 11:34 p.m.46 views

CVE-2020-11628

Affected product: EJBCA (prior to 6.15.2.6 and 7.x prior to 7.3.1.2). Vulnerability: Restrictions intended to limit available remote protocols (CMP, ACME, REST, etc.) can be bypassed by altering the URI string sent by a client. EJBCA’s internal access control remains in place, and each protocol m...

5.3CVSS5.3AI score0.00858EPSS
CVE
CVE
added 2020/04/07 11:34 p.m.41 views

CVE-2020-11630

The CVE-2020-11630 issue affects EJBCA: versions before 6.15.2.6 and 7.x before 7.3.1.2. The root cause is improper verification during deserialization of serialized objects exchanged between nodes over the Peers protocol, allowing insecure objects to be deserialized. This addresses a high-severi...

9.8CVSS9.3AI score0.01268EPSS
CVE
CVE
added 2020/04/07 11:34 p.m.40 views

CVE-2020-11627

CVE-2020-11627 affects EJBCA prior to 6.15.2.6 and 7.x prior to 7.3.1.2, with a CSRF issue in the CA UI. The connected documents confirm the vulnerability description but do not provide exploitation details or remediation steps. Practical impact is a CSRF-based vulnerability in the CA management ...

8.8CVSS8.8AI score0.00452EPSS
CVE
CVE
added 2020/09/11 3:15 p.m.40 views

CVE-2020-25276

PrimeKey EJBCA 6.x and 7.x prior to 7.4.1 is affected. When enrolling via EST using a client certificate, revocation checks are not performed on that certificate, only impacting systems with EST configured and where the revoked certificate is in a role authorized to enroll new end entities. Remed...

7.3CVSS7AI score0.00491EPSS
CVE
CVE
added 2020/04/07 11:34 p.m.38 views

CVE-2020-11626

Two Cross Site Scripting (XSS) vulnerabilities affect EJBCA in the Public Web and the Certificate/CRL download servlets, affecting versions before 6.15.2.6 and 7.x before 7.3.1.2. The issue is caused by XSS flaws in these servlet components. Publicly disclosed details are limited to the existence...

6.1CVSS6.3AI score0.00393EPSS