Lucene search
Veracode Vulnerability DatabaseVERACODE:24839HistoryApr 10, 2020 - 1:06 a.m.
Cross-site Request Forgery (CSRF)
2020-04-1001:06:55
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.001 Low
EPSS
Percentile
49.2%
ipa is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists as a remote attacker could trick a user, who was logged into the management web interface, into visiting a specially-crafted URL, the attacker could perform Red Hat Identity Management configuration changes with the privileges of the logged in user.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ipa | eq | 2.0.0__23.el6_1.1 | |
| ipa | eq | 2.0.0__23.el6 | |
| ipa | eq | 2.0.0__23.el6_1.2 | |
| ipa | eq | 2.0.0__23.el6_1.1 | |
| ipa | eq | 2.0.0__23.el6 | |
| ipa | eq | 2.0.0__23.el6_1.2 |
References
freeipa.org/page/IPAv2_214
access.redhat.com/errata/RHSA-2011:1533
access.redhat.com/security/cve/CVE-2011-3636
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=747710
docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.2_Technical_Notes/ipa.html#RHBA-2011-1533
Related
nessus
nessus
Scientific Linux Security Update : ipa on SL6.x i386/x86_64
2012-08-01 00:00:00
Oracle Linux 6 : ipa (ELSA-2011-1533)
2023-09-07 00:00:00
RHEL 6 : ipa (RHSA-2011:1533)
2011-12-06 00:00:00
openvas
openvas
RedHat Update for ipa RHSA-2011:1533-04
2012-07-09 00:00:00
Oracle: Security Advisory (ELSA-2011-1533)
2015-10-06 00:00:00
RedHat Update for ipa RHSA-2011:1533-04
2012-07-09 00:00:00
cve
cve
CVE-2011-3636
2011-12-08 11:55:01
redhat
redhat
(RHSA-2011:1533) Moderate: ipa security and bug fix update
2011-12-06 00:00:00
oraclelinux
oraclelinux
ipa security and bug fix update
2011-12-14 00:00:00
cvelist
cvelist
CVE-2011-3636
2011-12-08 11:00:00
prion
prion
Cross site request forgery (csrf)
2011-12-08 11:55:00
nvd
nvd
CVE-2011-3636
2011-12-08 11:55:01