Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in PrimeKey EJBCA before 7.6.0. CMP RA Mode can be configured to use a known client certificate to authenticate enrolling clients. The same RA client certificate is used for revocation requests as well. While enrollment enforces multi tenancy constraints (by verifying that the client certificate has access to the CA and Profiles being enrolled against), this check was not performed when authenticating revocation operations, allowing a known tenant to revoke a certificate belonging to another tenant.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Primekey Solutions PrimeKey EJBCA 安全漏洞
Vulnerability Description
Primekey Solutions PrimeKey EJBCA是瑞典PrimeKey Solutions(Primekey Solutions)公司的一个全功能的CA系统软件。该软件用于域内证书管理,注册和注册到证书验证等功能实现访问安全。 Primekey Solutions PrimeKey EJBCA 7.6.0之前版本存在安全漏洞,该漏洞源于应用在验证撤销操作时并未执行此检查,从而允许已知租户撤销属于另一个租户的证书。
CVSS Information
N/A
Vulnerability Type
N/A