cvedb.io
CVE-2021-40089
LOW · CVSS 2.3
EPSS exploitation probability: 0%
Published 2021-08-25T02:15:08.280 · Last modified 2026-06-17T04:06:30.103

Summary

An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Purpose Custom Publisher, which is normally run to invoke a local script upon a publishing operation, was still able to run if the System Configuration setting Enable External Script Access was disabled. With this setting disabled it's not possible to create new such publishers, but existing publishers would continue to run.

Affected products

primekey — ejbca

Does this affect you?

Add your gear to cvedb and we'll alert you only when primekey ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.