In Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, CA certificates (attributes and public keys) may be disclosed to unauthenticated or less privileged users.
History

Thu, 17 Oct 2024 17:15:00 +0000

Type: Metrics

Values Removed: (none)

Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-08-03T00:00:00

Updated: 2024-10-17T16:37:58.366Z

Reserved: 2023-05-30T00:00:00

Link: CVE-2023-34196

Vulnrichment

Updated: 2024-08-02T16:01:54.234Z

NVD

Status: Modified

Published: 2023-08-03T03:15:10.480

Modified: 2024-11-21T08:06:45.250

Link: CVE-2023-34196

Redhat

No data.