IPA
by Red Hat
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-5631 | Hig | 0.57 | 8.8 | 0.02 | Nov 25, 2019 | ipa 3.0 does not properly check server identity before sending credential containing cookies | ||
| CVE-2023-5455 | Med | 0.42 | 6.5 | 0.01 | Jan 10, 2024 | A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system… | ||
| CVE-2020-1722 | Med | 0.35 | 5.3 | 0.01 | Apr 27, 2020 | A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat… |
- risk 0.57cvss 8.8epss 0.02
ipa 3.0 does not properly check server identity before sending credential containing cookies
- risk 0.42cvss 6.5epss 0.01
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system…
- risk 0.35cvss 5.3epss 0.01
A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat…