CVE-2008-2139

Sažetak

The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain control over the administrator account.

Reference

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0148
https://exchange.xforce.ibmcloud.com/vulnerabilities/42393
https://exchange.xforce.ibmcloud.com/vulnerabilities/42394

CVSS

Base:	6.5
Impact:	10.0
Exploitability:	2.5

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	HIGH	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:A/AC:H/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

08-08-2017 - 01:30

Objavljeno

12-05-2008 - 17:20