Known Vulnerabilities for products from Freeipa
Listed below are 17 of the newest known vulnerabilities associated with the vendor "Freeipa".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-1722 | A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the ... | 5.3 - MEDIUM | 2020-04-27 | 2023-02-12 |
| CVE-2019-14867 | A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3... | 8.8 - HIGH | 2019-11-27 | 2023-11-07 |
| CVE-2019-14826 | A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker co... | 4.4 - MEDIUM | 2019-09-17 | 2019-10-09 |
| CVE-2019-10195 | A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3... | 6.5 - MEDIUM | 2019-11-27 | 2023-11-07 |
| CVE-2017-12169 | It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permi... | 7.5 - HIGH | 2018-01-10 | 2018-04-17 |
| CVE-2017-11191 | ** DISPUTED ** FreeIPA 4.x with API version 2.213 allows remote authenticated users to bypass intended account-locking rest... | 8.8 - HIGH | 2017-09-28 | 2023-11-07 |
| CVE-2017-2590 | A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user... | 8.1 - HIGH | 2018-07-27 | 2019-10-09 |
| CVE-2016-9575 | Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying c... | 6.3 - MEDIUM | 2018-03-13 | 2019-10-09 |
| CVE-2016-7030 | FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remot... | 7.5 - HIGH | 2017-08-28 | 2018-01-05 |
| CVE-2016-5414 | FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services. | 7.5 - HIGH | 2017-06-27 | 2017-07-05 |
| CVE-2016-5404 | The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated ... | 6.5 - MEDIUM | 2016-09-07 | 2023-02-12 |
| CVE-2015-5284 | ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, whic... | 9.8 - CRITICAL | 2017-09-21 | 2017-10-04 |
| CVE-2015-5179 | FreeIPA might display user data improperly via vectors involving non-printable characters. | 7.5 - HIGH | 2017-09-20 | 2017-10-03 |
| CVE-2015-1827 | The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when proces... | 5 - MEDIUM | 2015-03-30 | 2023-02-12 |
| CVE-2014-7850 | Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrar... | 4.3 - MEDIUM | 2014-11-28 | 2015-02-17 |
| CVE-2014-7828 | FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requir... | 3.5 - LOW | 2014-11-19 | 2017-09-08 |
| CVE-2012-5631 | ipa 3.0 does not properly check server identity before sending credential containing cookies | 8.8 - HIGH | 2019-11-25 | 2019-12-09 |
Known software with vulnerabilities from Freeipa
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Freeipa | Freeipa | - |