Bitnami package

ejbca

pkg:bitnami/ejbca

Vulnerabilities (9)

  • CVE-2025-3027 (Mar 31, 2025)
    affected: >= 8.0.0, < 9.1.0; fixed: 9.1.0

    The vulnerability exists in the EJBCA service, version 8.0 Enterprise. By making a small change to the PATH of the URL associated with the service, the server fails to find the requested file and redirects to an external page. This vulnerability could allow users to be redirected

  • CVE-2025-3026 (Mar 31, 2025)
    affected: >= 8.0.0, < 9.1.0; fixed: 9.1.0

    The vulnerability exists in the EJBCA service, version 8.0 Enterprise. Not tested in higher versions. By modifying the ‘Host’ header in an HTTP request, it is possible to manipulate the generated links and thus redirect the client to a different base URL. In this way, an attacke

  • CVE-2022-34831 (Critical, Sep 14, 2022)
    affected: < 7.9.0; fixed: 7.9.0

    An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization. During the ACME enrollment process, an order is submitted containing an ide

  • CVE-2021-40089 (Low, Aug 25, 2021)
    affected: < 7.6.0; fixed: 7.6.0

    An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Purpose Custom Publisher, which is normally run to invoke a local script upon a publishing operation, was still able to run if the System Configuration setting Enable External Script Access was disabled. With thi

  • CVE-2021-40088 (Medium, Aug 25, 2021)
    affected: < 7.6.0; fixed: 7.6.0

    An issue was discovered in PrimeKey EJBCA before 7.6.0. CMP RA Mode can be configured to use a known client certificate to authenticate enrolling clients. The same RA client certificate is used for revocation requests as well. While enrollment enforces multi tenancy constraints (

  • CVE-2021-40087 (Low, Aug 25, 2021)
    affected: < 7.6.0; fixed: 7.6.0

    An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log (that can only be viewed by an administrato

  • CVE-2021-40086 (Low, Aug 25, 2021)
    affected: < 7.6.0; fixed: 7.6.0

    An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a page (that can only be viewed by an administrator). While hidden from direct view, checking the pa

  • CVE-2020-28942 (Medium, Nov 19, 2020)
    affected: < 7.4.3; fixed: 7.4.3

    An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an RA over the Peers protocol. As a part of EJBCA's domain security model, the peer connector allows the restriction of client certificates (for the RA, not the end user) to a limited set

  • CVE-2020-25276 (High, Sep 11, 2020)
    affected: >= 7.0.0, < 7.4.1; fixed: 7.4.1

    An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. When using a client certificate to enroll over the EST protocol, no revocation check is performed on that certificate. This vulnerability can only affect a system that has EST configured, uses client certificates