HIGH🇵🇱 Wersja polska

CVE-2017-2590

CVSS 8.1v3.0pub. 2018-07-27upd. 2024-11-21

A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
  • Freeipa

    APP
    Freeipa
    < 4.4.0
  • Red Hat Enterprise Linux

    OS
    Redhat
    7.0
  • Red Hat Enterprise Linux Desktop

    OS
    Redhat
    7.0
  • Red Hat Enterprise Linux Server

    OS
    Redhat
    7.0
  • Red Hat Enterprise Linux Server Aus

    OS
    Redhat
    7.37.4
  • Red Hat Enterprise Linux Server Eus

    OS
    Redhat
    7.37.47.5
  • Red Hat Enterprise Linux Workstation

    OS
    Redhat
    7.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2021-40438CRITICAL9.0⚠ KEVten sam produkt

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...

CVE-2019-5544CRITICAL9.8⚠ KEVten sam produkt

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the s...

CVE-2018-14667CRITICAL9.8⚠ KEVten sam produkt

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserReso...

CVE-2016-4171CRITICAL9.8⚠ KEVten sam produkt

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbi...