CVE-2020-11631

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. An error state can be generated in the CA UI by a malicious user. This, in turn, allows exploitation of other bugs. This follow-on exploitation can lead to privilege escalation and remote code execution. (This is exploitable only when at least one accessible port lacks a requirement for client certificate authentication. These ports are 8442 or 8080 in a standard installation.)
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:primekey:ejbca:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:primekey:ejbca:*:*:*:*:enterprise:*:*:*

Information

Published : 2020-04-07 17:15

Updated : 2021-07-21 04:39


NVD link : CVE-2020-11631

Mitre link : CVE-2020-11631


JSON object : View

Advertisement

dedicated server usa

Products Affected

primekey

  • ejbca