CVE-2025-3027
CVE-2025-3027
Título es
CVE-2025-3027
Lun, 31/03/2025 – 11:15
Tipo
CWE-601
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2025-3027
Descripción en
The vulnerability exists in the EJBCA service, version 8.0 Enterprise. By making a small change to the PATH of the URL associated with the service, the server fails to find the requested file and redirects to an external page. This vulnerability could allow users to be redirected to potentially malicious external sites, which can be exploited for phishing or other social engineering attacks.
31/03/2025
31/03/2025
Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Gravedad 4.0
5.10
Gravedad 4.0 txt
MEDIUM
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis
Referencias
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-ejbca
Enviar en el boletín
Off
