EJBCA
by Keyfactor
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-34831 | Cri | 0.64 | 9.8 | 0.00 | Sep 14, 2022 | An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization. During the ACME enrollment process, an order is submitted containing an… | ||
| CVE-2023-34196 | Hig | 0.53 | 8.2 | 0.00 | Aug 3, 2023 | In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, disclosure of CA certificates (attributes and public keys) to unauthenticated or less… | ||
| CVE-2022-42954 | Med | 0.35 | 5.4 | 0.00 | Nov 17, 2022 | Keyfactor EJBCA before 7.10.0 allows XSS. |
- risk 0.64cvss 9.8epss 0.00
An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization. During the ACME enrollment process, an order is submitted containing an…
- risk 0.53cvss 8.2epss 0.00
In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, disclosure of CA certificates (attributes and public keys) to unauthenticated or less…
- risk 0.35cvss 5.4epss 0.00
Keyfactor EJBCA before 7.10.0 allows XSS.