VYPR
Unrated severityNVD Advisory· Published May 12, 2008· Updated Jun 16, 2026

CVE-2008-2139

CVE-2008-2139

Description

The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain control over the administrator account.

Affected products

3
  • cpe:2.3:h:rpath:appliance_platform_agent:2:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:h:rpath:appliance_platform_agent:2:*:*:*:*:*:*:*
    • cpe:2.3:h:rpath:appliance_platform_agent:3:*:*:*:*:*:*:*
    • (no CPE)range: 2 and 3

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.