CVE-2021-40087
LOW
PrimeKey EJBCA < 7.6.0 - Cleartext Storage of Sensitive Information in Audit Log
Title source: llm
Description
An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log (that can only be viewed by an administrator). This affects use of any of the following protocols: SCEP, CMP, or EST.
References (1)
Core References
Vendor Advisory x_refsource_misc
https://support.primekey.com/news/posts/53
Scores
CVSS v3
2.7
EPSS
0.0040
EPSS Percentile
31.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-312
Status
published
Products (1)
primekey/ejbca
< 7.6.0
Published
Aug 25, 2021
Tracked Since
Feb 18, 2026