VDB
CVE-2021-3551
CVE-2021-3551
PUBLISHED
A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality.
EPSS 0.02% · 4.7th percentile
Risk Scores
EPSS Score
0.02%
4.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:16.04:LTS | dogtag-pki | 10.2.6+git20160317-1, 10.2.6+git20160317-1ubuntu0.1~esm1, 10.2.6-1 |
| Ubuntu:Pro:22.04:LTS | dogtag-pki | 0, 11.0.0-1ubuntu0.1~esm1, 11.0.0-1 |
| Ubuntu:18.04:LTS | dogtag-pki | *, 10.5.3-4, 10.6.0-1ubuntu1 |
| Ubuntu:20.04:LTS | dogtag-pki | 0, 10.7.3-4, 10.8.3-1ubuntu1 |
Exploit Intelligence
Timeline
- Feb 16, 2022 CVE Published
- Feb 17, 2022 EPSS Score
- Apr 10, 2022 EPSS Score
- Jun 1, 2022 EPSS Score
- Jul 24, 2022 EPSS Score
- Sep 15, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Dec 28, 2022 EPSS Score
- Feb 18, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 11, 2023 EPSS Score
- Jun 2, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-3551 third-party-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1959971 third-party-advisory
- https://rhn.redhat.com/errata/RHSA-2021-2235.html third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-3551 third-party-advisory