Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2018-03-13T13:00:00Z
Updated: 2024-09-16T22:51:45.662Z
Reserved: 2016-11-23T00:00:00
Link: CVE-2016-9575
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-03-13T13:29:00.217
Modified: 2024-11-21T03:01:25.270
Link: CVE-2016-9575
Redhat