VYPR

EJBCA

by EJBCA

CVEs (7)

  • CVE-2020-11630CriApr 8, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. In several sections of code, the verification of serialized objects sent between nodes (connected via the Peers protocol) allows insecure objects to be deserialized.

  • CVE-2020-11627HigApr 8, 2020
    risk 0.57cvss 8.8epss 0.00

    An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. A Cross Site Request Forgery (CSRF) issue has been found in the CA UI.

  • CVE-2020-11629HigApr 8, 2020
    risk 0.47cvss 7.2epss 0.01

    An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. The External Command Certificate Validator, which allows administrators to upload external linters to validate certificates, is supposed to save uploaded test certificates to the server. An attacker who has…

  • CVE-2020-11631MedApr 8, 2020
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. An error state can be generated in the CA UI by a malicious user. This, in turn, allows exploitation of other bugs. This follow-on exploitation can lead to privilege escalation and remote code execution.…

  • CVE-2025-3027MedMar 31, 2025
    risk 0.40cvss 6.1epss 0.00

    The vulnerability exists in the EJBCA service, version 8.0 Enterprise. By making a small change to the PATH of the URL associated with the service, the server fails to find the requested file and redirects to an external page. This vulnerability could allow users to be…

  • CVE-2025-3026MedMar 31, 2025
    risk 0.40cvss 6.1epss 0.00

    The vulnerability exists in the EJBCA service, version 8.0 Enterprise. Not tested in higher versions. By modifying the ‘Host’ header in an HTTP request, it is possible to manipulate the generated links and thus redirect the client to a different base URL. In this way, an…

  • CVE-2020-11628MedApr 8, 2020
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. It is intended to support restriction of available remote protocols (CMP, ACME, REST, etc.) through the system configuration. These restrictions can be bypassed by modifying the URI string from a client.…