Lucene search

[email protected]CVE-2008-2139

HistoryMay 12, 2008 - 5:20 p.m.

CVE-2008-2139

2008-05-1217:20:00

CWE-264

[email protected]

web.nvd.nist.gov

security

rpath appliance platform

rootpw

privilege escalation

cve-2008-2139

6.5 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:H/Au:S/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

21.0%

JSON

The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain control over the administrator account.

Affected configurations

NVD

Node

rpathappliance_platform_agentMatch2

rpathappliance_platform_agentMatch3

CPENameOperatorVersion
rpath:appliance_platform_agentrpath appliance platform agenteq2
rpath:appliance_platform_agentrpath appliance platform agenteq3

CPE	Name	Operator	Version
rpath:appliance_platform_agent	rpath appliance platform agent	eq	2
rpath:appliance_platform_agent	rpath appliance platform agent	eq	3

References

wiki.rpath.com/wiki/Advisories:rPSA-2008-0148

exchange.xforce.ibmcloud.com/vulnerabilities/42393

exchange.xforce.ibmcloud.com/vulnerabilities/42394

6.5 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:H/Au:S/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

21.0%

JSON

Related for CVE-2008-2139

nvd1 prion1 cvelist1