CVE-2021-3551 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2021-3551

CVE-2021-3551

February 16, 2022

A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality.

Related Resources (6)

https://access.redhat.com/security/cve/CVE-2021-3551

https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3551

https://github.com/dogtagpki/pki/commit/b01cd8cc7d3e391e69ed2c8161f7e15fa84553e6

https://security-tracker.debian.org/tracker/CVE-2021-3551

https://bugzilla.redhat.com/show_bug.cgi?id=1959971

https://github.com/dogtagpki/pki/commit/5b09fcaff11d33010469e695ef365a91c91674b5

Do you need more information?

CVSS v4

Base Score:

8.5

Attack Vector

LOCAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

CVSS v2

Base Score:

4.4

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

Weakness Type (CWE)

Cleartext Storage of Sensitive Information

CWE-312

EPSS

Base Score:

0.02

Products

Solutions

Resources

Company

Compare

Developer Tools