Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rapid7 nexpose vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-6493
Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console prior to 5.5.4 allows remote malicious users to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete.
Rapid7 Nexpose
Rapid7 Nexpose 5.5.1
Rapid7 Nexpose 5.4.12
Rapid7 Nexpose 5.4.11
Rapid7 Nexpose 5.4.10
Rapid7 Nexpose 5.4.5
Rapid7 Nexpose 5.4.4
Rapid7 Nexpose 5.4.3
Rapid7 Nexpose 5.4.2
Rapid7 Nexpose 5.4.9
Rapid7 Nexpose 5.4.7
Rapid7 Nexpose 5.4
Rapid7 Nexpose 5.4.8
Rapid7 Nexpose 5.4.6
Rapid7 Nexpose 5.4.1
1 EDB exploit
6.5
CVSSv3
CVE-2022-4261
Rapid7 Nexpose and InsightVM versions before 6.6.172 failed to reliably validate the authenticity of update contents. This failure could allow an malicious user to provide a malicious update and alter the functionality of Rapid7 Nexpose. The attacker would need some pre-existing ...
Rapid7 Insightvm
Rapid7 Nexpose
5.4
CVSSv3
CVE-2021-31868
Rapid7 Nexpose version 6.6.95 and previous versions allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing feature, regardless of the assignment of the ticket. This issue was resolved in version 6.6.96, released on August 4, 2021.
Rapid7 Nexpose
7.8
CVSSv3
CVE-2020-7381
In Rapid7 Nexpose installer versions before 6.6.40, the Nexpose installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called d...
Rapid7 Nexpose
6.5
CVSSv3
CVE-2020-7382
Rapid7 Nexpose installer version before 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local machine to insert an arbitrary file into the executable path. This issue affects: Rapid7 Nexpose versions before 6.6.40.
Rapid7 Nexpose
8.1
CVSSv3
CVE-2020-7383
A SQL Injection issue in Rapid7 Nexpose version before 6.6.49 that may have allowed an authenticated user with a low permission level to access resources & make changes they should not have been able to access.
Rapid7 Nexpose
5.3
CVSSv3
CVE-2022-3913
Rapid7 Nexpose and InsightVM versions 6.6.82 up to and including 6.6.177 fail to validate the certificate of the update server when downloading updates. This failure could allow an attacker in a privileged position on the network to provide their own HTTPS endpoint, or intercept ...
Rapid7 Nexpose
8.8
CVSSv3
CVE-2019-5630
A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 up to and including 6.5.68. This issue allows malicious users to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flig...
Rapid7 Nexpose
8.8
CVSSv3
CVE-2019-5638
Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credent...
Rapid7 Nexpose
5.3
CVSSv3
CVE-2019-5640
Rapid7 Nexpose versions before 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage...
Rapid7 Nexpose
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36920
buffer overflow
CVE-2024-36913
CVE-2024-5497
CVE-2024-23917
CVE-2024-4956
server-side request forgery
CVE-2024-35468
SSTI
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »