CVE-2008-2139

The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain control over the administrator account.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 UNKNOWN
ADJACENT_NETWORK
HIGH
AV:A/AC:H/Au:S/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
Common Weakness Enumeration
References
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0148
https://exchange.xforce.ibmcloud.com/vulnerabilities/42393
https://exchange.xforce.ibmcloud.com/vulnerabilities/42394
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0148
https://exchange.xforce.ibmcloud.com/vulnerabilities/42393
https://exchange.xforce.ibmcloud.com/vulnerabilities/42394