CVE-2008-4315

critical

Description

tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9431

https://exchange.xforce.ibmcloud.com/vulnerabilities/46830

https://bugzilla.redhat.com/show_bug.cgi?id=472017

https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10

https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9

http://www.securitytracker.com/id?1021281

http://www.redhat.com/support/errata/RHSA-2008-1001.html

http://secunia.com/advisories/32862

http://osvdb.org/50278

Details

Source: Mitre, NVD

Published: 2008-11-27

Updated: 2017-09-29

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical