CVE-2020-11628

EPSS 0.15%
Veröffentlicht 08.04.2020 00:15:11
Zuletzt bearbeitet 21.11.2024 04:58:16
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. It is intended to support restriction of available remote protocols (CMP, ACME, REST, etc.) through the system configuration. These restrictions can be bypassed by modifying the URI string from a client. (EJBCA's internal access control restrictions are still in place, and each respective protocol must be configured to allow for enrollment.)

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Primekey ≫ Ejbca SwEditionenterprise Version < 6.15.2.6

Primekey ≫ Ejbca SwEditionenterprise Version >= 7.0.0 < 7.3.1.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.363

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://support.primekey.com/news/posts/ejbca-security-advisory-protocol-access-control-bypass

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-11628

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-11628

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-11628

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-11628