CVE-2020-11630

Severity CVSS v4.0:
Pending analysis
Type:
CWE-502 Deserialization of Untrusted Data
Publication date:
08/04/2020
Last modified:
08/04/2020

Description

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. In several sections of code, the verification of serialized objects sent between nodes (connected via the Peers protocol) allows insecure objects to be deserialized.

Vulnerable products and versions

| CPE | From | Up to |
| --- | --- | --- |
| cpe:2.3:a:primekey:ejbca:*:*:*:*:enterprise:*:*:* | | 6.15.2.6 (excluding) |
| cpe:2.3:a:primekey:ejbca:*:*:*:*:enterprise:*:*:* | 7.0.0 (including) | 7.3.1.2 (excluding) |