Vulnerabilities > CVE-2020-11628 - Incorrect Authorization vulnerability in Primekey Ejbca 7.0.0

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
primekey
CWE-863

Summary

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. It is intended to support restriction of available remote protocols (CMP, ACME, REST, etc.) through the system configuration. These restrictions can be bypassed by modifying the URI string from a client. (EJBCA's internal access control restrictions are still in place, and each respective protocol must be configured to allow for enrollment.)

Vulnerable Configurations

Part Description Count
Application
Primekey
2

Common Weakness Enumeration (CWE)