Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rapid7 nexpose vulnerabilities and exploits
(subscribe to this query)
606
VMScore
CVE-2019-5630
A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 up to and including 6.5.68. This issue allows malicious users to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flig...
Rapid7 Nexpose
490
VMScore
CVE-2021-31868
Rapid7 Nexpose version 6.6.95 and previous versions allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing feature, regardless of the assignment of the ticket. This issue was resolved in version 6.6.96, released on August 4, 2021.
Rapid7 Nexpose
445
VMScore
CVE-2019-5640
Rapid7 Nexpose versions before 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage...
Rapid7 Nexpose
383
VMScore
CVE-2021-3535
Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. A specific search criterion and operator combination in Filtered Asset Search could have allowed a user to pass code through th...
Rapid7 Nexpose
383
VMScore
CVE-2012-6494
Rapid7 Nexpose prior to 5.5.4 contains a session hijacking vulnerability which allows remote malicious users to capture a user's session and gain unauthorized access.
Rapid7 Nexpose
578
VMScore
CVE-2017-5230
The Java keystore in all versions and editions of Rapid7 Nexpose before 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides storage for saved scan credentials in an otherwise secure location on disk.
Rapid7 Nexpose
1 Github repository
605
VMScore
CVE-2017-5232
All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
Rapid7 Nexpose
605
VMScore
CVE-2017-5243
The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and ...
Rapid7 Nexpose
685
VMScore
CVE-2017-5264
Versions of Nexpose before 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack.
Rapid7 Nexpose
1 EDB exploit
312
VMScore
CVE-2016-9757
In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag name field. Once this tag is viewed in the Tag Detail page of the Rapid7 Nexpose 6.4...
Rapid7 Nexpose 6.4.12
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »