An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. In several sections of code, the verification of serialized objects sent between nodes (connected via the Peers protocol) allows insecure objects to be deserialized.
References
Link | Resource |
---|---|
https://support.primekey.com/news/posts/ejbca-security-advisory-deserialization-bug | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-04-07T23:34:10
Updated: 2020-04-07T23:34:10
Reserved: 2020-04-07T00:00:00
Link: CVE-2020-11630
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-04-08T00:15:11.440
Modified: 2020-04-08T19:02:30.510
Link: CVE-2020-11630
JSON object: View
Redhat Information
No data.
CWE