CVE-2020-11630

CRITICAL

EJBCA < 6.15.2.6 and 7.x < 7.3.1.2 - Deserialization of Untrusted Data via Peers Protocol

Title source: llm

Description

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. In several sections of code, the verification of serialized objects sent between nodes (connected via the Peers protocol) allows insecure objects to be deserialized.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://support.primekey.com/news/posts/ejbca-security-advisory-deserialization-bug

Scores

CVSS v3 9.8

EPSS 0.0127

EPSS Percentile 66.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-502

Status published

Products (1)

primekey/ejbca < 6.15.2.6

Published Apr 08, 2020

Tracked Since Feb 18, 2026