Every CVE whose affected-product data names Primekey Ejbca, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2022-34831 — CVSS 9.8 (critical): An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an…
CVE-2020-11630 — CVSS 9.8 (critical): An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. In several sections of code, the verification of serialized…
CVE-2020-11627 — CVSS 8.8 (high): An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. A Cross Site Request Forgery (CSRF) issue has been found in the CA…
CVE-2020-25276 — CVSS 7.3 (high): An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. When using a client certificate to enroll over the EST protocol, no…
CVE-2020-11629 — CVSS 7.2 (high): An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. The External Command Certificate Validator, which allows…
CVE-2020-11631 — CVSS 6.5 (medium): An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. An error state can be generated in the CA UI by a malicious user…
CVE-2020-11626 — CVSS 6.1 (medium): An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Two Cross Side Scripting (XSS) vulnerabilities have been found in…
CVE-2025-3026 — CVSS 6.1 (medium): The vulnerability exists in the EJBCA service, version 8.0 Enterprise. Not tested in higher versions. By modifying the ‘Host’ header in…
CVE-2025-3027 — CVSS 6.1 (medium): The vulnerability exists in the EJBCA service, version 8.0 Enterprise. By making a small change to the PATH of the URL associated with the…
CVE-2021-40088 — CVSS 5.4 (medium): An issue was discovered in PrimeKey EJBCA before 7.6.0. CMP RA Mode can be configured to use a known client certificate to authenticate…
CVE-2020-11628 — CVSS 5.3 (medium): An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. It is intended to support restriction of available remote…
CVE-2022-40711 — CVSS 4.8 (medium): PrimeKey EJBCA 7.9.0.2 Community allows stored XSS in the End Entity section. A user with the RA Administrator role can inject an XSS…
CVE-2020-28942 — CVSS 4.3 (medium): An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an RA over the Peers protocol. As a part of…
CVE-2021-40087 — CVSS 2.7 (low): An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that…
CVE-2021-40089 — CVSS 2.3 (low): An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Purpose Custom Publisher, which is normally run to invoke a local…
CVE-2021-40086 — CVSS 2.2 (low): An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and…