CVE-2020-11630

CRITICAL

Primekey Ejbca < 6.15.2.6 - Insecure Deserialization

Title source: rule

Description

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. In several sections of code, the verification of serialized objects sent between nodes (connected via the Peers protocol) allows insecure objects to be deserialized.

References (1)

[Vendor Advisory] https://support.primekey.com/news/posts/ejbca-security-advisory-deserialization-bug

Scores

CVSS v3 9.8

EPSS 0.0090

EPSS Percentile 75.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (1)

primekey/ejbca < 6.15.2.6

Timeline

Published Apr 08, 2020

Tracked Since Feb 18, 2026