Ejbca
CVE-2020-11628
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. It is intended to support restriction of available remote protocols (CMP, ACME, REST, etc.) through the system configuration. These restrictions can be bypassed by modifying the URI string from a client. (EJBCA's internal access control restrictions are still in place, and each respective protocol must be configured to allow for enrollment.)
AnalysisAI
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Incorrect Authorization (CWE-863), which allows attackers to bypass authorization checks to access restricted resources. An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. It is intended to support restriction of available remote protocols (CMP, ACME, REST, etc.) through the system configuration. These restrictions can be bypassed by modifying the URI string from a client. (EJBCA's internal access control restrictions are still in place, and each respective protocol must be configured to allow for enrollment.) Affected products include: Primekey Ejbca. Version information: before 6.15.2.6.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and test authorization logic, implement consistent access control checks, use centralized authorization framework.
An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Rated critical severity (CVSS 9.8), this vulner
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Rated high severity (CVSS 8.8), this vulnerabil
In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of
An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. Rated high severity (CVSS 7.3), this vulnerability i
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Rated high severity (CVSS 7.2), this vulnerabil
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Rated medium severity (CVSS 6.5), this vulnerab
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Rated medium severity (CVSS 6.1), this vulnerab
An issue was discovered in PrimeKey EJBCA before 7.6.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely
The vulnerability exists in the EJBCA service, version 8.0 Enterprise. Rated medium severity (CVSS 5.1), this vulnerabil
The vulnerability exists in the EJBCA service, version 8.0 Enterprise. Rated medium severity (CVSS 5.1), this vulnerabil
An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an RA over the Peers protoc
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today