Red Hat · Ipa · CVE-2016-9575
**Name of the Vulnerable Software and Affected Versions**
Ipa versions 4.2.x through 4.4.2
**Description**
Because of improper permission checks in IdM's certprofile-mod command, an authenticated, unprivileged attacker can modify certificate profiles. This could enable the attacker to issue certificates with arbitrary naming or key usage information, potentially leading to further attacks.
**Recommendations**
If you run Ipa 4.2.x, 4.3.x before 4.3.3, or 4.4.x before 4.4.3, update to version 4.3.3 or 4.4.3 to resolve the issue.
As a temporary workaround, consider restricting access to the certprofile-mod command to minimize the risk of exploitation.