QSearchQSearch

CVE-2021-40088

5.4 MEDIUM

An issue was discovered in PrimeKey EJBCA before 7.6.0

Published: 2021-08-25 · Last updated: 2026-06-17

Severity and scoring

CVSS
5.4 MEDIUM
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CWE
CWE-862

Affected products

VendorProduct
primekeyejbca

Description

An issue was discovered in PrimeKey EJBCA before 7.6.0. CMP RA Mode can be configured to use a known client certificate to authenticate enrolling clients. The same RA client certificate is used for revocation requests as well. While enrollment enforces multi tenancy constraints (by verifying that the client certificate has access to the CA and Profiles being enrolled against), this check was not performed when authenticating revocation operations, allowing a known tenant to revoke a certificate belonging to another tenant.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2021-40089 An issue was discovered in PrimeKey EJBCA before 7.6.0 (2.3 LOW)
  • CVE-2021-40087 An issue was discovered in PrimeKey EJBCA before 7.6.0 (2.7 LOW)
  • CVE-2021-40086 An issue was discovered in PrimeKey EJBCA before 7.6.0 (2.2 LOW)

Same CWE

  • CVE-2026-12105 Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplicat...
  • CVE-2026-53866 OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticated operators ... (8.1 HIGH)
  • CVE-2026-53851 OpenClaw before 2026.5.12 contains a notification bypass vulnerability allowing Slack reaction events to enter the agent pipeline despite... (5.3 MEDIUM)
  • CVE-2026-53850 OpenClaw before 2026.4.25 contains a control scope enforcement bypass vulnerability in the focus command that allows authenticated caller... (5.5 MEDIUM)
  • CVE-2026-53844 OpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search that allows authenticated call... (6.5 MEDIUM)