CVE-2009-0588

5 documents5 sources

Severity

6.5MEDIUM

EPSS

0.6%

top 31.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Certificate System

Timeline

PublishedMay 27

Latest updateMay 2

Description

agent/request/op.cgi in the Registration Authority (RA) component in Red Hat Certificate System (RHCS) 7.3 and Dogtag Certificate System allows remote authenticated users to approve certificate requests queued for arbitrary agent groups via a modified request ID field.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

▶NVDredhat/certificate_system7.3

Patches

Patch: www.redhat.com ↗Patch: bugzilla.redhat.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-8q6c-cq42-3qq7: agent/request/op↗2022-05-02

▶

CVEList

CVE-2009-0588: agent/request/op↗2009-05-27

▶

📋Vendor Advisories

Red Hat

rhpki-ra: improper authorization checks in Cerificate System's Registration Authority↗2009-02-10

▶

💬Community

Bugzilla

CVE-2009-0588 rhpki-ra: improper authorization checks in Cerificate System's Registration Authority↗2009-03-05

▶