CVE-2017-2590

Sažetak

A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.

Reference

http://rhn.redhat.com/errata/RHSA-2017-0388.html
http://www.securityfocus.com/bid/96557
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2590

CVSS

Base:	5.5
Impact:	4.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:N/I:P/A:P

Zadnje važnije ažuriranje

09-10-2019 - 23:26

Objavljeno

27-07-2018 - 18:29