4

CVE-2021-40087

EPSS 0.1%
Veröffentlicht 25.08.2021 02:15:08
Zuletzt bearbeitet 21.11.2024 06:23:31
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log (that can only be viewed by an administrator). This affects use of any of the following protocols: SCEP, CMP, or EST.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Primekey ≫ Ejbca SwEditionenterprise Version < 7.6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.241

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.7	1.2	1.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

https://support.primekey.com/news/posts/53

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-40087

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-40087

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-40087

EUVD