CVE-2009-0588

agent/request/op.cgi in the Registration Authority (RA) component in Red Hat Certificate System (RHCS) 7.3 and Dogtag Certificate System allows remote authenticated users to approve certificate requests queued for arbitrary agent groups via a modified request ID field.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
redhatcertificate_system
7.3
redhatdogtag_certificate_system
*
𝑥
= Vulnerable software versions
References
http://secunia.com/advisories/35242
http://secunia.com/advisories/35263
http://www.redhat.com/support/errata/RHSA-2009-1065.html
http://www.securityfocus.com/bid/35104
http://www.securitytracker.com/id?1022278
https://bugzilla.redhat.com/show_bug.cgi?id=484828
https://bugzilla.redhat.com/show_bug.cgi?id=488706
http://secunia.com/advisories/35242
http://secunia.com/advisories/35263
http://www.redhat.com/support/errata/RHSA-2009-1065.html
http://www.securityfocus.com/bid/35104
http://www.securitytracker.com/id?1022278
https://bugzilla.redhat.com/show_bug.cgi?id=484828
https://bugzilla.redhat.com/show_bug.cgi?id=488706