Vulnerability Description
The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain control over the administrator account.
CVSS Score
6.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rpath | Appliance Platform Agent | 2 |
References
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0148
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42393
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42394
FAQ
What is CVE-2008-2139?
CVE-2008-2139 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it e...
How severe is CVE-2008-2139?
CVE-2008-2139 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-2139?
Check the references section above for vendor advisories and patch information. Affected products include: Rpath Appliance Platform Agent.