Lucene search

K
cve[email protected]CVE-2008-2139
HistoryMay 12, 2008 - 5:20 p.m.

CVE-2008-2139

2008-05-1217:20:00
CWE-264
web.nvd.nist.gov
23
security
rpath appliance platform
rootpw
privilege escalation
cve-2008-2139

6.7 Medium

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:H/Au:S/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

20.6%

The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain control over the administrator account.

Affected configurations

NVD
Node
rpathappliance_platform_agentMatch2
OR
rpathappliance_platform_agentMatch3

6.7 Medium

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:H/Au:S/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

20.6%

Related for CVE-2008-2139