CVE-2017-2590

Name of the Vulnerable Software and Affected Versions: ipa versions prior to 4.4

Description: A flaw was discovered in the way IdM's ca-del, ca-disable, and ca-enable commands handle user permissions when modifying CAs in Dogtag. This issue allows an authenticated, unauthorized attacker to delete, disable, or enable CAs, potentially causing denial of service problems related to certificate issuance, OCSP signing, and deletion of secret keys.

Recommendations: For versions prior to 4.4, update to version 4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the ca-del, ca-disable, and ca-enable commands to authorized users only until a patch is available.