Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

rapid7 security vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2012-6493
Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console prior to 5.5.4 allows remote malicious users to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete.
Rapid7 NexposeRapid7 Nexpose 5.5.1Rapid7 Nexpose 5.4.12Rapid7 Nexpose 5.4.11Rapid7 Nexpose 5.4.10Rapid7 Nexpose 5.4.5Rapid7 Nexpose 5.4.4Rapid7 Nexpose 5.4.3Rapid7 Nexpose 5.4.2Rapid7 Nexpose 5.4.9Rapid7 Nexpose 5.4.7Rapid7 Nexpose 5.4Rapid7 Nexpose 5.4.8Rapid7 Nexpose 5.4.6Rapid7 Nexpose 5.4.1
6.1
CVSSv3
CVE-2012-6494
Rapid7 Nexpose prior to 5.5.4 contains a session hijacking vulnerability which allows remote malicious users to capture a user's session and gain unauthorized access.
Rapid7 Nexpose
6.1
CVSSv3
CVE-2021-3535
Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. A specific search criterion and operator combination in Filtered Asset Search could have allowed a user to pass code through th...
Rapid7 Nexpose
8.8
CVSSv3
CVE-2019-5630
A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 up to and including 6.5.68. This issue allows malicious users to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flig...
Rapid7 Nexpose
5.4
CVSSv3
CVE-2021-31868
Rapid7 Nexpose version 6.6.95 and previous versions allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing feature, regardless of the assignment of the ticket. This issue was resolved in version 6.6.96, released on August 4, 2021.
Rapid7 Nexpose
7.8
CVSSv3
CVE-2020-7381
In Rapid7 Nexpose installer versions before 6.6.40, the Nexpose installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called d...
Rapid7 Nexpose
4.8
CVSSv3
CVE-2021-3619
Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed executable code on a malicious upload. This issue was fixed in version 0.6.0. Note that ...
Rapid7 Velociraptor
6.5
CVSSv3
CVE-2019-5615
Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passwords. Valid credentials are required to access these files a...
Rapid7 Insightvm
8.8
CVSSv3
CVE-2019-5638
Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credent...
Rapid7 Nexpose
5.4
CVSSv3
CVE-2021-3844
Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user acc...
Rapid7 Insightvm
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065open redirectCVE-2024-1086path traversalCVE-2024-29825XXECVE-2024-29822CVE-2024-20696CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook