Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-9575

Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks.

Published

2018-03-13T13:29:00.217

Last Modified

2024-11-21T03:01:25.270

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

8.0

Impact Score

6.4

Weaknesses
  • Type: Secondary
    CWE-863
  • Type: Primary
    CWE-285
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application freeipa freeipa 4.2.0 Yes
Application freeipa freeipa 4.2.0 Yes
Application freeipa freeipa 4.2.1 Yes
Application freeipa freeipa 4.2.2 Yes
Application freeipa freeipa 4.2.3 Yes
Application freeipa freeipa 4.2.4 Yes
Application freeipa freeipa 4.3.0 Yes
Application freeipa freeipa 4.3.1 Yes
Application freeipa freeipa 4.3.2 Yes
Application freeipa freeipa 4.4.0 Yes
Application freeipa freeipa 4.4.1 Yes
Application freeipa freeipa 4.4.2 Yes
References