{"id":"CVE-2016-9575","details":"IPA versions 4.2.x, 4.3.x before 4.3.3, and 4.4.x before 4.4.3 did not properly check the user's permissions when certificate profiles were modified through IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profiles so that they issue certificates with arbitrary naming or key usage information, and subsequently use such certificates for other attacks.","modified":"2026-03-14T14:21:29.883759Z","published":"2018-03-13T13:29:00.217Z","references":[{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2017-0001.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/95068"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395311"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/freeipa/freeipa","events":[{"introduced":"0"},{"last_affected":"218de5bff792f5ac40d9b3eebc22f19696e5091e"},{"introduced":"0"},{"last_affected":"60fe517c9b4cc8e6d96605043b2c7685b39bc0ab"},{"introduced":"0"},{"last_affected":"06cedeec3fb4ac2d9de76c5090ffa75d5076c63c"},{"introduced":"0"},{"last_affected":"f6f1a21a6a07879028d58700a5887b4d6cf72912"},{"introduced":"0"},{"last_affected":"a1d3bafcbdb7a100953e61fe42daa1d4cd97ed54"},{"introduced":"0"},{"last_affected":"b402a8dc0fe0ff567a61c7ddde26f66e4f470e24"},{"introduced":"0"},{"last_affected":"43d5c02f8ccb69e07238ac988b849c3722af877c"},{"introduced":"0"},{"last_affected":"78a6434e323ebc357472745d97627065ae5b8169"},{"introduced":"0"},{"last_affected":"4c1d737656f117a85845fdcd49cbe71459d392e7"},{"introduced":"0"},{"last_affected":"5a3c3c73c2a59c3f42aefa90feef72a774edd1dc"},{"introduced":"0"},{"last_affected":"3c542b987860322ca50cfd2e4eb8827b79071d9e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.2.0"},{"introduced":"0"},{"last_affected":"4.2.1"},{"introduced":"0"},{"last_affected":"4.2.2"},{"introduced":"0"},{"last_affected":"4.2.3"},{"introduced":"0"},{"last_affected":"4.2.4"},{"introduced":"0"},{"last_affected
":"4.3.0"},{"introduced":"0"},{"last_affected":"4.3.1"},{"introduced":"0"},{"last_affected":"4.3.2"},{"introduced":"0"},{"last_affected":"4.4.0"},{"introduced":"0"},{"last_affected":"4.4.1"},{"introduced":"0"},{"last_affected":"4.4.2"}]}}],"versions":["alpha-1-9-0","alpha_1-4-2-0","alpha_2-1-9-0","alpha_3-1-9-0","alpha_4-1-9-0","alpha_5-1-9-0","alpha_5-1-9-0-1","beta_1-2-0-0","beta_1-3-0-0","beta_1-3-2-0","beta_1-3-3-0","beta_2-3-0-0","beta_2-3-3-0","milestone_2","milestone_3","milestone_4","milestone_4_1","milestone_6","rc_1-2-0-0","rc_2-2-0-0","rc_3-2-0-0","release-1-0-0","release-1-1-0","release-2-0-0","release-2-1-0","release-3-1-0","release-3-2-0","release-3-2-0-pre1","release-3-3-0","release-4-0-0","release-4-2-0","release-4-2-1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9575.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"4.2.0-alpha1"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}]}