Description
In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, disclosure of CA certificates (attributes and public keys) to unauthenticated or less privileged users may occur.
References
- Product
- Mitigation, Vendor Advisory
- Product
- Mitigation, Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 8.0.0 (excluding)
cpe:2.3:a:keyfactor:ejbca:*:*:*:*:*:*:*:*
EPSS: 0.00076 (Low)
Percentile: 23%
CVSS3: 8.2 High
Weaknesses
CWE-287
Related vulnerabilities
CVSS3: 8.2
github
more than 2 years ago
In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, disclosure of CA certificates (attributes and public keys) to unauthenticated or less privileged users may occur.