PT-2021-22799 · Primekey · Ejbca

Published 2021-08-25 · Updated 2024-03-06 · CVE-2021-40089

CVSS v3.1: 2.3 (Low)

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

PrimeKey EJBCA versions prior to 7.6.0

Description

An issue was found where the General Purpose Custom Publisher could still run even when the System Configuration setting Enable External Script Access was disabled. Although this setting prevents the creation of new publishers, existing publishers would continue to run.

Recommendations

For versions prior to 7.6.0, update to version 7.6.0 or later to resolve the issue. As a temporary workaround, consider disabling existing General Purpose Custom Publishers to minimize the risk of exploitation.

Fix

Related Identifiers

BIT-EJBCA-2021-40089
CVE-2021-40089

Affected Products

Ejbca