CVSS3: 6.1 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS2: 5.4 Medium
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C

EPSS: 0.061 Low
Percentile: 93.4%

Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.
The following packages have been upgraded to a later upstream version: ipa (4.6.8). (BZ#1819725)
Security Fix(es):
js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
bootstrap: XSS in the data-target attribute (CVE-2016-10735)
bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)
bootstrap: XSS in the affix configuration target property (CVE-2018-20677)
bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
js-jquery: prototype pollution in object’s prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)
jquery: Cross-site scripting due to improper jQuery.htmlPrefilter method (CVE-2020-11022)
ipa: No password length restriction leads to denial of service (CVE-2020-1722)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | noarch | python2-ipalib | < 4.6.8-5.el7 | python2-ipalib-4.6.8-5.el7.noarch.rpm |
RedHat | 7 | x86_64 | ipa-server-trust-ad | < 4.6.8-5.el7 | ipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm |
RedHat | 7 | noarch | ipa-server-dns | < 4.6.8-5.el7 | ipa-server-dns-4.6.8-5.el7.noarch.rpm |
RedHat | 7 | noarch | python2-ipaclient | < 4.6.8-5.el7 | python2-ipaclient-4.6.8-5.el7.noarch.rpm |
RedHat | 7 | noarch | python2-ipaserver | < 4.6.8-5.el7 | python2-ipaserver-4.6.8-5.el7.noarch.rpm |
RedHat | 7 | noarch | ipa-python-compat | < 4.6.8-5.el7 | ipa-python-compat-4.6.8-5.el7.noarch.rpm |
RedHat | 7 | ppc64le | ipa-client | < 4.6.8-5.el7 | ipa-client-4.6.8-5.el7.ppc64le.rpm |
RedHat | 7 | ppc64 | ipa-client | < 4.6.8-5.el7 | ipa-client-4.6.8-5.el7.ppc64.rpm |
RedHat | 7 | s390x | ipa-client | < 4.6.8-5.el7 | ipa-client-4.6.8-5.el7.s390x.rpm |
RedHat | 7 | s390x | ipa-debuginfo | < 4.6.8-5.el7 | ipa-debuginfo-4.6.8-5.el7.s390x.rpm |