CVE-2021-40087
2.7 LOW
An issue was discovered in PrimeKey EJBCA before 7.6.0
Published: 2021-08-25 · Last updated: 2026-06-17
Severity and scoring
- CVSS: 2.7 LOW
- Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
- CWE: CWE-312
Affected products
| Vendor | Product |
|---|---|
| primekey | ejbca |
Description
An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log (that can only be viewed by an administrator). This affects use of any of the following protocols: SCEP, CMP, or EST.
Source: NVD
References
- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2021-40087)
- [Vendor advisory](https://support.primekey.com/news/posts/53)
Related CVEs
Same vendor
- CVE-2021-40089 — An issue was discovered in PrimeKey EJBCA before 7.6.0 (2.3 LOW)
- CVE-2021-40088 — An issue was discovered in PrimeKey EJBCA before 7.6.0 (5.4 MEDIUM)
- CVE-2021-40086 — An issue was discovered in PrimeKey EJBCA before 7.6.0 (2.2 LOW)
Same CWE
- CVE-2026-46622 — SolidInvoice is an open-source invoicing platform (8.1 HIGH)
- CVE-2026-10786 — Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain... (6.5 MEDIUM)
- CVE-2026-36176 — GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext to the serial console (7.1 HIGH)
- CVE-2026-4387 — StrongDM Desktop Application before 23.74.0 (Desktop Client before 53.77.0) on Microsoft Windows stores authentication state, including a...
- CVE-2026-45040 — RustFS is a distributed object storage system built in Rust