Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in information disclosure.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NKeyfactor Command
APPKeyfactor10.5.011.5.0
π΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
Related vulnerabilities
CVE-2024-42006HIGH7.5ten sam vendor
Keyfactor AWS Orchestrator through 2.0 allows Information Disclosure.
CVE-2023-34196HIGH8.2ten sam vendor
In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial...
CVE-2025-26787MEDIUM4.7ten sam vendor
An error in the SignServer container startup logic was found in Keyfactor SignServer versions prior to 7.2. Th...
CVE-2025-47222MEDIUM6.5ten sam vendor
A class name enumeration was found in Keyfactor SignServer versions prior to 7.3.2. Setting any chosen class n...
CVE-2025-47220MEDIUM5.3ten sam vendor
A local file enumeration was found in Keyfactor SignServer versions prior to 7.3.2 .The property VISIBLE_SIGNA...