Ejbca Security Vulnerabilities and Issues — Ejbca CVE List

Lucene search

PrimekeyEjbca

8 matches found

CVE•added 2020/04/08 12:15 a.m.•37 views

CVE-2020-11629

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. The External Command Certificate Validator, which allows administrators to upload external linters to validate certificates, is supposed to save uploaded test certificates to the server. An attacker who has gained access to th...

7.2CVSS7AI score0.00223EPSS

CVE•added 2020/11/19 5:15 p.m.•37 views

CVE-2020-28942

An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an RA over the Peers protocol. As a part of EJBCA's domain security model, the peer connector allows the restriction of client certificates (for the RA, not the end user) to a limited set of allowed CAs, th...

4.3CVSS4.5AI score0.00096EPSS

CVE•added 2020/04/08 12:15 a.m.•35 views

CVE-2020-11631

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. An error state can be generated in the CA UI by a malicious user. This, in turn, allows exploitation of other bugs. This follow-on exploitation can lead to privilege escalation and remote code execution. (This is exploitable o...

6.5CVSS7.2AI score0.00555EPSS

CVE•added 2020/04/08 12:15 a.m.•29 views

CVE-2020-11628

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. It is intended to support restriction of available remote protocols (CMP, ACME, REST, etc.) through the system configuration. These restrictions can be bypassed by modifying the URI string from a client. (EJBCA's internal acce...

5.3CVSS5.3AI score0.00151EPSS

CVE•added 2020/04/08 12:15 a.m.•27 views

CVE-2020-11630

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. In several sections of code, the verification of serialized objects sent between nodes (connected via the Peers protocol) allows insecure objects to be deserialized.

9.8CVSS9.3AI score0.00899EPSS

CVE•added 2020/09/11 4:15 p.m.•27 views

CVE-2020-25276

An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. When using a client certificate to enroll over the EST protocol, no revocation check is performed on that certificate. This vulnerability can only affect a system that has EST configured, uses client certificates to authenticate en...

7.3CVSS7AI score0.00152EPSS

CVE•added 2020/04/08 12:15 a.m.•26 views

CVE-2020-11626

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Two Cross Side Scripting (XSS) vulnerabilities have been found in the Public Web and the Certificate/CRL download servlets.

6.1CVSS6.3AI score0.00226EPSS

CVE•added 2020/04/08 12:15 a.m.•26 views

CVE-2020-11627

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. A Cross Site Request Forgery (CSRF) issue has been found in the CA UI.

8.8CVSS8.8AI score0.0021EPSS