CVE-2011-3636

EUVD-2011-3595
Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
Affected Products (NVD)
VendorProductVersion
redhatfreeipa
𝑥
≤ 2.1.3
redhatfreeipa
0.99
redhatfreeipa
0.99698-20080228
redhatfreeipa
0.99698641-20080218
redhatfreeipa
1.0.0
redhatfreeipa
1.0.0:a
redhatfreeipa
1.0.0:b
redhatfreeipa
1.1.0
redhatfreeipa
1.1.1
redhatfreeipa
1.2.0
redhatfreeipa
1.2.1
redhatfreeipa
1.2.2
redhatfreeipa
1.9.0:pre1
redhatfreeipa
1.9.0:pre2
redhatfreeipa
1.9.0:pre3
redhatfreeipa
1.9.0:pre4
redhatfreeipa
1.9.0:pre5
redhatfreeipa
2.0.0
redhatfreeipa
2.0.0:pre1
redhatfreeipa
2.0.0:pre2
redhatfreeipa
2.0.0:rc1
redhatfreeipa
2.0.0:rc2
redhatfreeipa
2.0.0:rc3
redhatfreeipa
2.0.1
redhatfreeipa
2.1.0
redhatfreeipa
2.1.1
redhatfreeipa
2.1.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://freeipa.org/page/IPAv2_214
http://freeipa.org/page/IPAv2_214