{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T21:43:14.747","vulnerabilities":[{"cve":{"id":"CVE-2021-40087","sourceIdentifier":"cve@mitre.org","published":"2021-08-25T02:15:08.147","lastModified":"2024-11-21T06:23:31.583","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log (that can only be viewed by an administrator). This affects use of any of the following protocols: SCEP, CMP, or EST."},{"lang":"es","value":"Se ha detectado un problema en PrimeKey EJBCA versiones anteriores a 7.6.0. Cuando se registraban cambios de auditoría en las configuraciones de alias de varios protocolos que usan un secreto de inscripción, cualquier modificación del secreto se registraba en texto sin cifrar en el registro de auditoría (que sólo puede ser visualizado por un administrador). Esto afecta al uso de cualquiera de los siguientes protocolos: SCEP, CMP o EST."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-312"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:primekey:ejbca:*:*:*:*:enterprise:*:*:*","versionEndExcluding":"7.6.0","matchCriteriaId":"69AD9042-C5D5-4D8D-8243-072E5D69E223"}]}]}],"references":[{"url":"https://support.primekey.com/news/posts/53","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://support.primekey.com/news/posts/53","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}