CVE-2021-40089 — LOW (2.3) — White Hats Nepal

Q: How severe is CVE-2021-40089?

CVE-2021-40089 has been rated LOW with a CVSS base score of 2.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-40089?

Check the references section above for vendor advisories and patch information. Affected products include: Primekey Ejbca.

Vulnerability Description

An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Purpose Custom Publisher, which is normally run to invoke a local script upon a publishing operation, was still able to run if the System Configuration setting Enable External Script Access was disabled. With this setting disabled it's not possible to create new such publishers, but existing publishers would continue to run.

CVSS Score

2.3

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Primekey	Ejbca	< 7.6.0

References

https://support.primekey.com/news/posts/54Vendor Advisory
https://support.primekey.com/news/posts/54Vendor Advisory

FAQ

What is CVE-2021-40089?

CVE-2021-40089 is a vulnerability with a CVSS score of 2.3 (LOW). An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Purpose Custom Publisher, which is normally run to invoke a local script upon a publishing operation, was still able to run if the S...

How severe is CVE-2021-40089?

CVE-2021-40089 has been rated LOW with a CVSS base score of 2.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-40089?

Check the references section above for vendor advisories and patch information. Affected products include: Primekey Ejbca.