Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2011-3636

Опубликовано: 08 дек. 2011
Источник: nvd
CVSS2: 6.8
EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:redhat:freeipa:*:*:*:*:*:*:*:*
Версия до 2.1.3 (включая)
cpe:2.3:a:redhat:freeipa:0.99:*:*:*:*:*:*:*
cpe:2.3:a:redhat:freeipa:0.99698-20080228:*:*:*:*:*:*:*
cpe:2.3:a:redhat:freeipa:0.99698641-20080218:*:*:*:*:*:*:*
cpe:2.3:a:redhat:freeipa:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:freeipa:1.0.0:a:*:*:*:*:*:*
cpe:2.3:a:redhat:freeipa:1.0.0:b:*:*:*:*:*:*
cpe:2.3:a:redhat:freeipa:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:freeipa:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:freeipa:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:freeipa:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:freeipa:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:freeipa:1.9.0:pre1:*:*:*:*:*:*
cpe:2.3:a:redhat:freeipa:1.9.0:pre2:*:*:*:*:*:*
cpe:2.3:a:redhat:freeipa:1.9.0:pre3:*:*:*:*:*:*
cpe:2.3:a:redhat:freeipa:1.9.0:pre4:*:*:*:*:*:*
cpe:2.3:a:redhat:freeipa:1.9.0:pre5:*:*:*:*:*:*
cpe:2.3:a:redhat:freeipa:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:freeipa:2.0.0:pre1:*:*:*:*:*:*
cpe:2.3:a:redhat:freeipa:2.0.0:pre2:*:*:*:*:*:*
cpe:2.3:a:redhat:freeipa:2.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:redhat:freeipa:2.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:redhat:freeipa:2.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:redhat:freeipa:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:freeipa:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:freeipa:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:freeipa:2.1.2:*:*:*:*:*:*:*

EPSS

Процентиль: 37%
0.00157
Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

redhat логотип

CVE-2011-3636

redhat
почти 14 лет назад

Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes.

github логотип

GHSA-62x7-6pjw-j8fh

github
больше 3 лет назад

Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes.

oracle-oval логотип

ELSA-2011-1533

oracle-oval
почти 14 лет назад

ELSA-2011-1533: ipa security and bug fix update (MODERATE)

EPSS

Процентиль: 37%
0.00157
Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352
Уязвимость CVE-2011-3636