CVE-2009-0588

medium

Description

agent/request/op.cgi in the Registration Authority (RA) component in Red Hat Certificate System (RHCS) 7.3 and Dogtag Certificate System allows remote authenticated users to approve certificate requests queued for arbitrary agent groups via a modified request ID field.

References

https://bugzilla.redhat.com/show_bug.cgi?id=488706

https://bugzilla.redhat.com/show_bug.cgi?id=484828

http://www.securitytracker.com/id?1022278

http://www.securityfocus.com/bid/35104

http://www.redhat.com/support/errata/RHSA-2009-1065.html

http://secunia.com/advisories/35263

http://secunia.com/advisories/35242

Details

Source: Mitre, NVD

Published: 2009-05-27

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Severity: Medium

EPSS

EPSS: 0.00461