CVE DATABASE / CVE-2008-4315
CVE-2008-4315
CVSS 6.8 · MEDIUM
Summary
tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks.
CVSS 2.0 breakdown
| Base score | 6.8 (MEDIUM) |
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Attack vector | NETWORK |
| Attack complexity | MEDIUM |
| Confidentiality | PARTIAL |
| Integrity | PARTIAL |
| Availability | PARTIAL |
Affected products
Redhat enterprise linuxRedhat enterprise linux desktopOpenpegasus openpegasus wbem
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://osvdb.org/50278
- http://secunia.com/advisories/32862
- http://www.redhat.com/support/errata/RHSA-2008-1001.html
- http://www.securitytracker.com/id?1021281
- https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9
- https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10
- https://bugzilla.redhat.com/show_bug.cgi?id=472017
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46830
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9431
Data: NIST NVD. NVD last modified 2026-04-23. Always verify against the vendor advisory before acting.