6.8

CVE-2011-3636

Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes.

Data is provided by the National Vulnerability Database (NVD)
Redhat Freeipa Version <= 2.1.3
Redhat Freeipa Version 0.99
Redhat Freeipa Version 0.99698-20080228
Redhat Freeipa Version 0.99698641-20080218
Redhat Freeipa Version 1.0.0
Redhat Freeipa Version 1.0.0 Update a
Redhat Freeipa Version 1.0.0 Update b
Redhat Freeipa Version 1.1.0
Redhat Freeipa Version 1.1.1
Redhat Freeipa Version 1.2.0
Redhat Freeipa Version 1.2.1
Redhat Freeipa Version 1.2.2
Redhat Freeipa Version 1.9.0 Update pre1
Redhat Freeipa Version 1.9.0 Update pre2
Redhat Freeipa Version 1.9.0 Update pre3
Redhat Freeipa Version 1.9.0 Update pre4
Redhat Freeipa Version 1.9.0 Update pre5
Redhat Freeipa Version 2.0.0
Redhat Freeipa Version 2.0.0 Update pre1
Redhat Freeipa Version 2.0.0 Update pre2
Redhat Freeipa Version 2.0.0 Update rc1
Redhat Freeipa Version 2.0.0 Update rc2
Redhat Freeipa Version 2.0.0 Update rc3
Redhat Freeipa Version 2.0.1
Redhat Freeipa Version 2.1.0
Redhat Freeipa Version 2.1.1
Redhat Freeipa Version 2.1.2
No CISA KEV or CERT.AT warning was found for this CVE.

EPSS Metrics
Type    Source       Score    Percentile
EPSS    FIRST.org    0.16%    0.331

CVSS Metrics
Source          Base Score    Exploit Score    Impact Score    Vector string
nvd@nist.gov    6.8           8.6              6.4             AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.