cvedb.io
CVE-2021-40086
LOW · CVSS 2.2
EPSS exploitation probability: 0%
Published 2021-08-25T02:15:06.233 · Last modified 2026-06-17T04:06:29.733

Summary

An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a page (that can only be viewed by an administrator). While hidden from direct view, checking the page source would reveal the secret.

Affected products

primekey — ejbca

Does this affect you?

Add your gear to cvedb and we'll alert you only when primekey ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.