// For flags

CVE-2008-2139

 

Severity Score

6.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain control over the administrator account.

El plugin rootpw en rPath Appliance Platform Agent 2 y 3 no revalida peticiones de un navegador con una sesión de administrador válida, incluyendo peticiones para cambiar la contraseña, lo que facilita a atacantes próximos físicamente obtener privilegios y conservar el control sobre la cuenta de administrador.

*Credits: N/A
CVSS Scores
Attack Vector
Adjacent
Attack Complexity
High
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-05-12 CVE Reserved
  • 2008-05-12 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Rpath
Search vendor "Rpath"
 Appliance Platform Agent
Search vendor "Rpath" for product "Appliance Platform Agent"
 2
Search vendor "Rpath" for product "Appliance Platform Agent" and version "2"
-
Affected
Rpath
Search vendor "Rpath"
 Appliance Platform Agent
Search vendor "Rpath" for product "Appliance Platform Agent"
 3
Search vendor "Rpath" for product "Appliance Platform Agent" and version "3"
-
Affected