CVE-2008-2139

{"id": "CVE-2008-2139", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:H/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": true, "exploitabilityScore": 2.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-05-12T17:20:00.000", "references": [{"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0148", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42393", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42394", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain control over the administrator account."}, {"lang": "es", "value": "El plugin rootpw en rPath Appliance Platform Agent 2 y 3 no revalida peticiones de un navegador con una sesi\u00f3n de administrador v\u00e1lida, incluyendo peticiones para cambiar la contrase\u00f1a, lo que facilita a atacantes pr\u00f3ximos f\u00edsicamente obtener privilegios y conservar el control sobre la cuenta de administrador."}], "lastModified": "2017-08-08T01:30:48.027", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rpath:appliance_platform_agent:2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12171EA4-C258-49BC-880F-E1C628E97D98"}, {"criteria": "cpe:2.3:h:rpath:appliance_platform_agent:3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3049D15D-AEA6-43F5-9EF4-F28BE711D944"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}