Описание
The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain control over the administrator account.
Ссылки
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:h:rpath:appliance_platform_agent:2:*:*:*:*:*:*:*
cpe:2.3:h:rpath:appliance_platform_agent:3:*:*:*:*:*:*:*
EPSS
Процентиль: 27%
0.00097
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
почти 4 года назад
The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain control over the administrator account.
EPSS
Процентиль: 27%
0.00097
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-264