CVE-2021-40089

Published: Aug 25, 2021Modified: Nov 21, 2024

2.3

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Exploitability: 0.8 / Impact: 1.4

Source: NVD

Description

An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Purpose Custom Publisher, which is normally run to invoke a local script upon a publishing operation, was still able to run if the System Configuration setting Enable External Script Access was disabled. With this setting disabled it's not possible to create new such publishers, but existing publishers would continue to run.

Affected (1)

Products: Primekey: Ejbca

Primekey

1 product

Ejbca

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Primekey Ejbca	Before 7.6.0

References (2)

https://support.primekey.com/news/posts/54

Source: cve@mitre.org

Vendor Advisory

https://support.primekey.com/news/posts/54

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.