Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rapid7 nexpose vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-1699
Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an malicious user to manipulate URLs to forcefully browse to and access administrative pages. This vulnerability is fixed in version 6.6.187.
Rapid7 Nexpose
NA
CVE-2022-3913
Rapid7 Nexpose and InsightVM versions 6.6.82 up to and including 6.6.177 fail to validate the certificate of the update server when downloading updates. This failure could allow an attacker in a privileged position on the network to provide their own HTTPS endpoint, or intercept ...
Rapid7 Nexpose
NA
CVE-2017-5242
Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots.
Rapid7 Insightvm
NA
CVE-2022-4261
Rapid7 Nexpose and InsightVM versions before 6.6.172 failed to reliably validate the authenticity of update contents. This failure could allow an malicious user to provide a malicious update and alter the functionality of Rapid7 Nexpose. The attacker would need some pre-existing ...
Rapid7 Insightvm
Rapid7 Nexpose
4.3
CVSSv2
CVE-2022-0758
Rapid7 Nexpose versions 6.6.129 and previous versions suffer from a reflected cross site scripting vulnerability, within the shared scan configuration component of the tool. With this vulnerability an attacker could pass literal values as the test credentials, providing the oppor...
Rapid7 Nexpose
6.5
CVSSv2
CVE-2022-0757
Rapid7 Nexpose versions 6.6.93 and previous versions are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticated malicious user to manipulate the "ANY" and "OR"...
Rapid7 Nexpose
5
CVSSv2
CVE-2019-5640
Rapid7 Nexpose versions before 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage...
Rapid7 Nexpose
5.5
CVSSv2
CVE-2021-31868
Rapid7 Nexpose version 6.6.95 and previous versions allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing feature, regardless of the assignment of the ticket. This issue was resolved in version 6.6.96, released on August 4, 2021.
Rapid7 Nexpose
4.3
CVSSv2
CVE-2021-3535
Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. A specific search criterion and operator combination in Filtered Asset Search could have allowed a user to pass code through th...
Rapid7 Nexpose
5.5
CVSSv2
CVE-2020-7383
A SQL Injection issue in Rapid7 Nexpose version before 6.6.49 that may have allowed an authenticated user with a low permission level to access resources & make changes they should not have been able to access.
Rapid7 Nexpose
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »