cvedb.io
CVE-2021-40087
LOW · CVSS 2.7
EPSS exploitation probability: 0%
Published 2021-08-25T02:15:08.147 · Last modified 2026-06-17T04:06:29.857

Summary

An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log (that can only be viewed by an administrator). This affects use of any of the following protocols: SCEP, CMP, or EST.

Affected products

primekey — ejbca

Does this affect you?

Add your gear to cvedb and we'll alert you only when primekey ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.