CVSS: 2.6EPSS: 0%CPEs: 2EXPL: 0CVE-2008-2140
https://notcve.org/view.php?id=CVE-2008-2140
Cross-site request forgery (CSRF) vulnerability in the rootpw plugin in rPath Appliance Platform Agent 2 and 3 allows remote attackers to reset the root password as the administrator via a crafted URL. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en el plugin rootpw en rPath Appliance Platform Agent 2 y 3 permite a atacantes remotos reiniciar la contraseña de root como administrador a través de una URL manipulada. • http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0148 https://exchange.xforce.ibmcloud.com/vulnerabilities/42393 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2008-2139
https://notcve.org/view.php?id=CVE-2008-2139
The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain control over the administrator account. El plugin rootpw en rPath Appliance Platform Agent 2 y 3 no revalida peticiones de un navegador con una sesión de administrador válida, incluyendo peticiones para cambiar la contraseña, lo que facilita a atacantes próximos físicamente obtener privilegios y conservar el control sobre la cuenta de administrador. • http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0148 https://exchange.xforce.ibmcloud.com/vulnerabilities/42393 https://exchange.xforce.ibmcloud.com/vulnerabilities/42394 • CWE-264: Permissions, Privileges, and Access Controls •