CVE-2020-11630

Published: Apr 8, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. In several sections of code, the verification of serialized objects sent between nodes (connected via the Peers protocol) allows insecure objects to be deserialized.

Affected (2)

Products: Primekey: Ejbca

Primekey

1 product

Ejbca

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Primekey Ejbca	Before 6.15.2.6
Primekey Ejbca	From 7.0.0 to 7.3.1.2

Related CWEs

CWE-502

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (2)

https://support.primekey.com/news/posts/ejbca-security-advisory-deserialization-bug

Source: cve@mitre.org

Vendor Advisory

https://support.primekey.com/news/posts/ejbca-security-advisory-deserialization-bug

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.