Skip to main content

Ejbca

17 CVEs product

Monthly

CVE-2025-3027 MEDIUM This Month

The vulnerability exists in the EJBCA service, version 8.0 Enterprise. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Ejbca
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-3026 MEDIUM This Month

The vulnerability exists in the EJBCA service, version 8.0 Enterprise. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ejbca
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-36066 LOW Monitor

The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 octets of salt, and is thus not compliant with the security requirements of RFC 4211, and might make man-in-the-middle attacks easier. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Ejbca
NVD
CVSS 3.1
3.1
EPSS
0.2%
CVE-2023-34196 HIGH This Week

In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Ejbca
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-34831 CRITICAL Act Now

An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ejbca
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2021-40089 LOW Monitor

An issue was discovered in PrimeKey EJBCA before 7.6.0. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ejbca
NVD
CVSS 3.1
2.3
EPSS
0.2%
CVE-2021-40088 MEDIUM This Month

An issue was discovered in PrimeKey EJBCA before 7.6.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ejbca
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2021-40087 LOW Monitor

An issue was discovered in PrimeKey EJBCA before 7.6.0. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ejbca
NVD
CVSS 3.1
2.7
EPSS
0.4%
CVE-2021-40086 LOW Monitor

An issue was discovered in PrimeKey EJBCA before 7.6.0. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Ejbca
NVD
CVSS 3.1
2.2
EPSS
0.5%
CVE-2020-28942 MEDIUM This Month

An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an RA over the Peers protocol. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ejbca
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2020-25276 HIGH This Week

An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ejbca
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2020-11631 MEDIUM This Month

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Ejbca
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-11630 CRITICAL Act Now

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Ejbca
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-11629 HIGH This Week

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ejbca
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2020-11628 MEDIUM This Month

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ejbca
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-11627 HIGH This Week

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ejbca
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-11626 MEDIUM This Month

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ejbca
NVD
CVSS 3.1
6.1
EPSS
0.4%
EPSS 0% CVSS 5.1
MEDIUM This Month

The vulnerability exists in the EJBCA service, version 8.0 Enterprise. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Ejbca
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

The vulnerability exists in the EJBCA service, version 8.0 Enterprise. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ejbca
NVD
EPSS 0% CVSS 3.1
LOW Monitor

The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 octets of salt, and is thus not compliant with the security requirements of RFC 4211, and might make man-in-the-middle attacks easier. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Ejbca
NVD
EPSS 0% CVSS 8.2
HIGH This Week

In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Ejbca
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ejbca
NVD
EPSS 0% CVSS 2.3
LOW Monitor

An issue was discovered in PrimeKey EJBCA before 7.6.0. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ejbca
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

An issue was discovered in PrimeKey EJBCA before 7.6.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ejbca
NVD
EPSS 0% CVSS 2.7
LOW Monitor

An issue was discovered in PrimeKey EJBCA before 7.6.0. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ejbca
NVD
EPSS 1% CVSS 2.2
LOW Monitor

An issue was discovered in PrimeKey EJBCA before 7.6.0. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Ejbca
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an RA over the Peers protocol. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ejbca
NVD
EPSS 0% CVSS 7.3
HIGH This Week

An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ejbca
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Ejbca
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Ejbca
NVD
EPSS 1% CVSS 7.2
HIGH This Week

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ejbca
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ejbca
NVD
EPSS 0% CVSS 8.8
HIGH This Week

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ejbca
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ejbca
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy