Vulnerabilities > Rpath > Appliance Platform Agent
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-05-12 | CVE-2008-2140 | Cross-Site Request Forgery (CSRF) vulnerability in Rpath Appliance Platform Agent 2/3 Cross-site request forgery (CSRF) vulnerability in the rootpw plugin in rPath Appliance Platform Agent 2 and 3 allows remote attackers to reset the root password as the administrator via a crafted URL. | 2.6 |
| 2008-05-12 | CVE-2008-2139 | Permissions, Privileges, and Access Controls vulnerability in Rpath Appliance Platform Agent 2/3 The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain control over the administrator account. | 6.5 |