6.5
CVE-2008-2139
- EPSS 0.36%
- Veröffentlicht 12.05.2008 17:20:00
- Zuletzt bearbeitet 16.06.2026 22:53:10
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain control over the administrator account.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Rpath ≫ Appliance Platform Agent Version2
Rpath ≫ Appliance Platform Agent Version3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.278 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.5 | 10 |
AV:A/AC:H/Au:S/C:C/I:C/A:C
|
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0148
https://exchange.xforce.ibmcloud.com/vulnerabilities/42393
https://exchange.xforce.ibmcloud.com/vulnerabilities/42394