CVE-2011-3636

Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes.
CSRF
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 6.8 UNKNOWN | NETWORK | MEDIUM | | AV:N/AC:M/Au:N/C:P/I:P/A:P |
EPSS Score Percentile: 36%
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| redhat | freeipa | 𝑥 ≤ 2.1.3 |
| redhat | freeipa | 0.99 |
| redhat | freeipa | 0.99698-20080228 |
| redhat | freeipa | 0.99698641-20080218 |
| redhat | freeipa | 1.0.0 |
| redhat | freeipa | 1.0.0:a |
| redhat | freeipa | 1.0.0:b |
| redhat | freeipa | 1.1.0 |
| redhat | freeipa | 1.1.1 |
| redhat | freeipa | 1.2.0 |
| redhat | freeipa | 1.2.1 |
| redhat | freeipa | 1.2.2 |
| redhat | freeipa | 1.9.0:pre1 |
| redhat | freeipa | 1.9.0:pre2 |
| redhat | freeipa | 1.9.0:pre3 |
| redhat | freeipa | 1.9.0:pre4 |
| redhat | freeipa | 1.9.0:pre5 |
| redhat | freeipa | 2.0.0 |
| redhat | freeipa | 2.0.0:pre1 |
| redhat | freeipa | 2.0.0:pre2 |
| redhat | freeipa | 2.0.0:rc1 |
| redhat | freeipa | 2.0.0:rc2 |
| redhat | freeipa | 2.0.0:rc3 |
| redhat | freeipa | 2.0.1 |
| redhat | freeipa | 2.1.0 |
| redhat | freeipa | 2.1.1 |
| redhat | freeipa | 2.1.2 |

𝑥 = Vulnerable software versions
Red Hat Enterprise Linux Releases
Red Hat Product
Release
ipa-admintools | RHEL 6 | 0:2.1.3-9.el6 | fixed
ipa-client | RHEL 6 | 0:2.1.3-9.el6 | fixed
ipa-python | RHEL 6 | 0:2.1.3-9.el6 | fixed
ipa-server | RHEL 6 | 0:2.1.3-9.el6 | fixed
ipa-server-selinux | RHEL 6 | 0:2.1.3-9.el6 | fixed