CVE-2023-34196
CVSS 3.1 Score 8.2 of 10 (high)
Details
Published Aug 3, 2023
Updated: Aug 8, 2023
CWE ID 287
Summary
CVE-2023-34196 is a vulnerability affecting the Keyfactor EJBCA certification authority software before version 8.0.0. An authentication problem in the RA web certificate distribution servlet at /ejbca/ra/cert allows a partial denial of service. In configurations utilizing OAuth, unauthenticated or less privileged users may also gain access to sensitive CA certificate information, including attributes and public keys.