An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. An error state can be generated in the CA UI by a malicious user. This, in turn, allows exploitation of other bugs. This follow-on exploitation can lead to privilege escalation and remote code execution. (This is exploitable only when at least one accessible port lacks a requirement for client certificate authentication. These ports are 8442 or 8080 in a standard installation.)
References
Link | Resource |
---|---|
https://support.primekey.com/news/primekey-announcements | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2020-04-07 17:15
Updated : 2021-07-21 04:39
NVD link : CVE-2020-11631
Mitre link : CVE-2020-11631
JSON object : View
CWE
Products Affected
primekey
- ejbca