4.6
CVE-2008-5099
- EPSS 0.07%
- Published 17.11.2008 18:18:47
- Last modified 09.04.2025 00:30:58
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through 1.0.3 displays the value of the OpenBoot PROM (OBP) security-password variable in cleartext, which allows local users to bypass the SPARC firmware's password protection, and gain privileges or obtain data access, via the "ldm ls -l" command, a different vulnerability than CVE-2008-4992.
Data is provided by the National Vulnerability Database (NVD)
Sun ≫ Logical Domain Manager Version1.0 Update_nil_ Editionsparc
Sun ≫ Logical Domain Manager Version1.0.1 Update_nil_ Editionsparc
Sun ≫ Logical Domain Manager Version1.0.2 Update_nil_ Editionsparc
Sun ≫ Logical Domain Manager Version1.0.3 Update_nil_ Editionsparc
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.176 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.