Vulnerabilites related to rapid7 - nexpose
CVE-2023-1699 (GCVE-0-2023-1699)
Vulnerability from cvelistv5
Published
2023-03-30 09:26
Modified
2025-02-11 20:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-425 - Direct Request ('Forced Browsing')
Summary
Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. This vulnerability is fixed in version 6.6.187.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:25.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20230329/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1699",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T20:12:05.970309Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T20:12:14.684Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Nexpose",
"vendor": "Rapid7",
"versions": [
{
"lessThanOrEqual": "6.6.186",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Casey Cooper"
}
],
"datePublic": "2023-03-29T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability.\u0026nbsp; This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. This vulnerability is fixed in version 6.6.187.\u0026nbsp;\u0026nbsp;"
}
],
"value": "Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability.\u00a0 This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. This vulnerability is fixed in version 6.6.187.\u00a0\u00a0"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425 Direct Request (\u0027Forced Browsing\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-30T09:26:13.515Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"url": "https://docs.rapid7.com/release-notes/nexpose/20230329/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rapid7 Nexpose Forced Browsing",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2023-1699",
"datePublished": "2023-03-30T09:26:13.515Z",
"dateReserved": "2023-03-29T14:17:15.354Z",
"dateUpdated": "2025-02-11T20:12:14.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0758 (GCVE-0-2022-0758)
Vulnerability from cvelistv5
Published
2022-03-17 22:30
Modified
2024-09-16 20:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cross site scripting vulnerability, within the shared scan configuration component of the tool. With this vulnerability an attacker could pass literal values as the test credentials, providing the opportunity for a potential XSS attack. This issue is fixed in Rapid7 Nexpose version 6.6.130.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:03.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20220309/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nexpose",
"vendor": "Rapid7",
"versions": [
{
"lessThanOrEqual": "6.6.129",
"status": "affected",
"version": "6.6.129",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Aleksey Solovev"
}
],
"datePublic": "2022-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cross site scripting vulnerability, within the shared scan configuration component of the tool. With this vulnerability an attacker could pass literal values as the test credentials, providing the opportunity for a potential XSS attack. This issue is fixed in Rapid7 Nexpose version 6.6.130."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-17T22:30:19",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20220309/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rapid7 Nexpose Reflected XSS",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2022-03-09T00:00:00.000Z",
"ID": "CVE-2022-0758",
"STATE": "PUBLIC",
"TITLE": "Rapid7 Nexpose Reflected XSS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nexpose",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c=",
"version_name": "6.6.129",
"version_value": "6.6.129"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Aleksey Solovev"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cross site scripting vulnerability, within the shared scan configuration component of the tool. With this vulnerability an attacker could pass literal values as the test credentials, providing the opportunity for a potential XSS attack. This issue is fixed in Rapid7 Nexpose version 6.6.130."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.rapid7.com/release-notes/nexpose/20220309/",
"refsource": "CONFIRM",
"url": "https://docs.rapid7.com/release-notes/nexpose/20220309/"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2022-0758",
"datePublished": "2022-03-17T22:30:19.550927Z",
"dateReserved": "2022-02-24T00:00:00",
"dateUpdated": "2024-09-16T20:26:23.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5630 (GCVE-0-2019-5630)
Vulnerability from cvelistv5
Published
2019-07-03 17:00
Modified
2024-08-04 20:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-Site Request Forgery
Summary
A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS request.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rapid7 | Nexpose/InsightVM Security Console |
Version: 6.5.0 through 6.5.68 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.rapid7.com/nexpose/en-us/release-notes#6.5.69"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nexpose/InsightVM Security Console",
"vendor": "Rapid7",
"versions": [
{
"status": "affected",
"version": "6.5.0 through 6.5.68"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thanks to Rodney Beede of Rackspace (https://www.rodneybeede.com/) for finding this issue and reporting it to Rapid7. It is being disclosed in accordance Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/).\n"
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS request."
}
],
"exploits": [
{
"lang": "en",
"value": "In order to exploit this vulnerability, an attacker would have had to create and host a vulnerable .swf file on their own web server and have the user visit the page that hosts this file. Once the user visits this page, the .swf would run in-browser and cause a 307 redirect, which in turn would direct the victim to the API endpoint and make the CSRF request."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Request Forgery ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-03T17:00:55",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.rapid7.com/nexpose/en-us/release-notes#6.5.69"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue minimally affects Security Console versions 6.5.0 through 6.5.68. If your Security Console currently falls on or within this affected version range, ensure that you update your Security Console to 6.5.69 (or later if available)."
}
],
"source": {
"advisory": "R7-2019-17",
"discovery": "USER"
},
"title": "Rapid7 Nexpose/InsightVM Security Console CSRF",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2019-5630",
"STATE": "PUBLIC",
"TITLE": "Rapid7 Nexpose/InsightVM Security Console CSRF"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nexpose/InsightVM Security Console",
"version": {
"version_data": [
{
"version_value": "6.5.0 through 6.5.68"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Rodney Beede of Rackspace (https://www.rodneybeede.com/) for finding this issue and reporting it to Rapid7. It is being disclosed in accordance Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/).\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS request."
}
]
},
"exploit": [
{
"lang": "en",
"value": "In order to exploit this vulnerability, an attacker would have had to create and host a vulnerable .swf file on their own web server and have the user visit the page that hosts this file. Once the user visits this page, the .swf would run in-browser and cause a 307 redirect, which in turn would direct the victim to the API endpoint and make the CSRF request."
}
],
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.rapid7.com/nexpose/en-us/release-notes#6.5.69",
"refsource": "CONFIRM",
"url": "https://help.rapid7.com/nexpose/en-us/release-notes#6.5.69"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue minimally affects Security Console versions 6.5.0 through 6.5.68. If your Security Console currently falls on or within this affected version range, ensure that you update your Security Console to 6.5.69 (or later if available)."
}
],
"source": {
"advisory": "R7-2019-17",
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2019-5630",
"datePublished": "2019-07-03T17:00:55",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-08-04T20:01:51.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5638 (GCVE-0-2019-5638)
Vulnerability from cvelistv5
Published
2019-08-21 19:36
Modified
2024-09-16 22:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-613 - Insufficient Session Expiration
Summary
Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user account's current session is still valid after the password change, potentially allowing the attacker who originally compromised the credential to remain logged in and able to cause further damage.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:52.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.rapid7.com/nexpose/en-us/release-notes/archive/2019/02/"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://docs.rapid7.com/insightvm/enable-insightvm-platform-login"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Nexpose",
"vendor": "Rapid7",
"versions": [
{
"lessThanOrEqual": "6.5.50",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "This issue was discovered, and reported to Rapid7, by independent researcher Ashutosh Barot. It is being disclosed in accordance with Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
}
],
"datePublic": "2019-08-14T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user\u0027s password is changed by an administrator due to an otherwise unrelated credential leak, that user account\u0027s current session is still valid after the password change, potentially allowing the attacker who originally compromised the credential to remain logged in and able to cause further damage.\u003c/p\u003e"
}
],
"value": "Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user\u0027s password is changed by an administrator due to an otherwise unrelated credential leak, that user account\u0027s current session is still valid after the password change, potentially allowing the attacker who originally compromised the credential to remain logged in and able to cause further damage."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-09T15:34:58.318Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.rapid7.com/nexpose/en-us/release-notes/archive/2019/02/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://docs.rapid7.com/insightvm/enable-insightvm-platform-login"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis issue is resolved in versions 6.5.51 and later of Rapid7 Nexpose.\u003c/p\u003e"
}
],
"value": "This issue is resolved in versions 6.5.51 and later of Rapid7 Nexpose."
}
],
"source": {
"advisory": "R7-2018-50",
"discovery": "EXTERNAL"
},
"title": "Rapid7 Nexpose Insufficient Session Management",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2019-08-15T15:00:00.000Z",
"ID": "CVE-2019-5638",
"STATE": "PUBLIC",
"TITLE": "Rapid7 Nexpose Insufficient Session Management"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nexpose",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "6.5.50"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered, and reported to Rapid7, by independent researcher Ashutosh Barot. It is being disclosed in accordance with Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user\u0027s password is changed by an administrator due to an otherwise unrelated credential leak, that user account\u0027s current session is still valid after the password change, potentially allowing the attacker who originally compromised the credential to remain logged in and able to cause further damage."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-613 Insufficient Session Expiration"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.rapid7.com/nexpose/en-us/release-notes/archive/2019/02/",
"refsource": "CONFIRM",
"url": "https://help.rapid7.com/nexpose/en-us/release-notes/archive/2019/02/"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is resolved in versions 6.5.51 and later of Rapid7 Nexpose."
}
],
"source": {
"advisory": "R7-2018-50",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2019-5638",
"datePublished": "2019-08-21T19:36:25.675225Z",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-09-16T22:25:03.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5230 (GCVE-0-2017-5230)
Vulnerability from cvelistv5
Published
2017-03-02 20:00
Modified
2024-08-05 14:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Hard-Coded Password
Summary
The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides storage for saved scan credentials in an otherwise secure location on disk.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://help.rapid7.com/nexpose/en-us/release-notes/#6.4.50"
},
{
"name": "96956",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96956"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nexpose",
"vendor": "Rapid7",
"versions": [
{
"status": "affected",
"version": "6.4.49 and prior"
}
]
}
],
"datePublic": "2017-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of \u0027r@p1d7k3y5t0r3\u0027 which is not modifiable by the user. The keystore provides storage for saved scan credentials in an otherwise secure location on disk."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Hard-Coded Password",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-15T11:57:01",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://help.rapid7.com/nexpose/en-us/release-notes/#6.4.50"
},
{
"name": "96956",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96956"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2017-5230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nexpose",
"version": {
"version_data": [
{
"version_value": "6.4.49 and prior"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of \u0027r@p1d7k3y5t0r3\u0027 which is not modifiable by the user. The keystore provides storage for saved scan credentials in an otherwise secure location on disk."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Hard-Coded Password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.rapid7.com/nexpose/en-us/release-notes/#6.4.50",
"refsource": "MISC",
"url": "https://help.rapid7.com/nexpose/en-us/release-notes/#6.4.50"
},
{
"name": "96956",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96956"
},
{
"name": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products",
"refsource": "CONFIRM",
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2017-5230",
"datePublished": "2017-03-02T20:00:00",
"dateReserved": "2017-01-09T00:00:00",
"dateUpdated": "2024-08-05T14:55:35.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7382 (GCVE-0-2020-7382)
Vulnerability from cvelistv5
Published
2020-09-03 13:55
Modified
2024-08-04 09:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-428 - Unquoted Search Path or Element
Summary
Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local machine to insert an arbitrary file into the executable path. This issue affects: Rapid7 Nexpose versions prior to 6.6.40.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:49.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.40"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nexpose",
"vendor": "Rapid7",
"versions": [
{
"lessThan": "6.6.40",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered and reported by Angelo D\u0027Amato. "
}
],
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local machine to insert an arbitrary file into the executable path. This issue affects: Rapid7 Nexpose versions prior to 6.6.40."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-03T13:55:26",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.40"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unquoted Path in Rapid7 Nexpose Installer",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2020-7382",
"STATE": "PUBLIC",
"TITLE": "Unquoted Path in Rapid7 Nexpose Installer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nexpose",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.6.40"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered and reported by Angelo D\u0027Amato. "
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local machine to insert an arbitrary file into the executable path. This issue affects: Rapid7 Nexpose versions prior to 6.6.40."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-428 Unquoted Search Path or Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.40",
"refsource": "MISC",
"url": "https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.40"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2020-7382",
"datePublished": "2020-09-03T13:55:26",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:25:49.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5640 (GCVE-0-2019-5640)
Vulnerability from cvelistv5
Published
2021-11-22 16:35
Modified
2024-09-17 00:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information Exposure
Summary
Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage visited by previous user
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:52.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20211117/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Nexpose",
"vendor": "Rapid7",
"versions": [
{
"lessThanOrEqual": "6.6.114",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ashutosh Barot"
}
],
"datePublic": "2021-11-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user\u0027s session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage visited by previous user\u003c/p\u003e"
}
],
"value": "Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user\u0027s session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage visited by previous user"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-10T10:10:18.015Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20211117/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rapid7 Nexpose Information Disclosure after logout",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2021-11-17T15:05:00.000Z",
"ID": "CVE-2019-5640",
"STATE": "PUBLIC",
"TITLE": "Rapid7 Nexpose Information Disclosure after logout"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nexpose",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.6.114",
"version_value": "6.6.114"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user\u0027s session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage visited by previous user"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.rapid7.com/release-notes/nexpose/20211117/",
"refsource": "CONFIRM",
"url": "https://docs.rapid7.com/release-notes/nexpose/20211117/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2019-5640",
"datePublished": "2021-11-22T16:35:10.539066Z",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-09-17T00:15:52.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0681 (GCVE-0-2023-0681)
Vulnerability from cvelistv5
Published
2023-03-20 17:26
Modified
2025-02-26 18:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Summary
Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site of the attacker’s choice using the ‘page’ parameter of the ‘data/console/redirect’ component of the application. This issue was resolved in the February, 2023 release of version 6.6.179.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:50.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20230208/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0681",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T18:43:51.768864Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T18:44:06.211Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Nexpose",
"vendor": "Rapid7",
"versions": [
{
"lessThanOrEqual": "6.6.178",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Beau Taub of 2U, Inc."
}
],
"datePublic": "2023-03-20T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site of the attacker\u2019s choice using the \u2018page\u2019 parameter of the \u2018data/console/redirect\u2019 component of the application. This issue was resolved in the February, 2023 release of version 6.6.179.\u0026nbsp;\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site of the attacker\u2019s choice using the \u2018page\u2019 parameter of the \u2018data/console/redirect\u2019 component of the application. This issue was resolved in the February, 2023 release of version 6.6.179.\u00a0\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-21T17:47:59.274Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20230208/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rapid7 Nexpose Uncontrolled URL Redirect",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2023-0681",
"datePublished": "2023-03-20T17:26:01.588Z",
"dateReserved": "2023-02-06T14:52:11.265Z",
"dateUpdated": "2025-02-26T18:44:06.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3913 (GCVE-0-2022-3913)
Vulnerability from cvelistv5
Published
2023-02-01 21:52
Modified
2025-03-26 15:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-295 - Improper Certificate Validation
Summary
Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downloading updates. This failure could allow an attacker in a privileged position on the network to provide their own HTTPS endpoint, or intercept communications to the legitimate endpoint. The attacker would need some pre-existing access to at least one node on the network path between the Rapid7-controlled update server and the Nexpose/InsightVM application, and the ability to either spoof the update server's FQDN or redirect legitimate traffic to the attacker's server in order to exploit this vulnerability. Note that even in this scenario, an attacker could not normally replace an update package with a malicious package, since the update process validates a separate, code-signing certificate, distinct from the HTTPS certificate used for communication. This issue was resolved on February 1, 2023 in update 6.6.178 of Nexpose and InsightVM.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:58.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20230201/"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.rapid7.com/blog/post/2022/12/07/cve-2022-4261-rapid7-nexpose-update-validation-issue-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3913",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-26T15:04:59.895760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-26T15:05:18.697Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Nexpose",
"vendor": "Rapid7",
"versions": [
{
"lessThan": "6.6.178",
"status": "affected",
"version": "6.6.82",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "InsightVM",
"vendor": "Rapid7",
"versions": [
{
"lessThan": "6.6.178",
"status": "affected",
"version": "6.6.82",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-02-01T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eRapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downloading updates. This failure could allow an attacker in a privileged position on the network to provide their own HTTPS endpoint, or intercept communications to the legitimate endpoint. The attacker would need some pre-existing access to at least one node on the network path between the Rapid7-controlled update server and the Nexpose/InsightVM application, and the ability to either spoof the update server\u0027s FQDN or redirect legitimate traffic to the attacker\u0027s server in order to exploit this vulnerability. Note that even in this scenario, an attacker could not normally replace an update package with a malicious package, since the update process validates a separate, code-signing certificate, distinct from the HTTPS certificate used for communication. This issue was resolved on February 1, 2023 in update 6.6.178 of Nexpose and InsightVM.\u003c/div\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downloading updates. This failure could allow an attacker in a privileged position on the network to provide their own HTTPS endpoint, or intercept communications to the legitimate endpoint. The attacker would need some pre-existing access to at least one node on the network path between the Rapid7-controlled update server and the Nexpose/InsightVM application, and the ability to either spoof the update server\u0027s FQDN or redirect legitimate traffic to the attacker\u0027s server in order to exploit this vulnerability. Note that even in this scenario, an attacker could not normally replace an update package with a malicious package, since the update process validates a separate, code-signing certificate, distinct from the HTTPS certificate used for communication. This issue was resolved on February 1, 2023 in update 6.6.178 of Nexpose and InsightVM.\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-01T21:52:21.959Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20230201/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.rapid7.com/blog/post/2022/12/07/cve-2022-4261-rapid7-nexpose-update-validation-issue-fixed/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rapid7 Nexpose Certificate Validation Issue",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2022-3913",
"datePublished": "2023-02-01T21:52:21.959Z",
"dateReserved": "2022-11-09T14:48:27.304Z",
"dateUpdated": "2025-03-26T15:05:18.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0757 (GCVE-0-2022-0757)
Vulnerability from cvelistv5
Published
2022-03-17 22:30
Modified
2024-09-16 17:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - SQL Injection
Summary
Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticated attacker to manipulate the "ANY" and "OR" operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:03.752Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20220302/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nexpose",
"vendor": "Rapid7",
"versions": [
{
"lessThan": "6.6.93",
"status": "affected",
"version": "6.6.93",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Aleksey Solovev"
}
],
"datePublic": "2022-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticated attacker to manipulate the \"ANY\" and \"OR\" operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-04T14:35:09",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20220302/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rapid7 Nexpose SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2022-03-02T00:00:00.000Z",
"ID": "CVE-2022-0757",
"STATE": "PUBLIC",
"TITLE": "Rapid7 Nexpose SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nexpose",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "6.6.93",
"version_value": "6.6.93"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Aleksey Solovev"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticated attacker to manipulate the \"ANY\" and \"OR\" operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.rapid7.com/release-notes/nexpose/20220302/",
"refsource": "CONFIRM",
"url": "https://docs.rapid7.com/release-notes/nexpose/20220302/"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2022-0757",
"datePublished": "2022-03-17T22:30:18.220701Z",
"dateReserved": "2022-02-24T00:00:00",
"dateUpdated": "2024-09-16T17:48:14.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4261 (GCVE-0-2022-4261)
Vulnerability from cvelistv5
Published
2022-12-07 00:00
Modified
2025-04-14 17:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-494 - Download of Code Without Integrity Check
Summary
Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. This failure could allow an attacker to provide a malicious update and alter the functionality of Rapid7 Nexpose. The attacker would need some pre-existing mechanism to provide a malicious update, either through a social engineering effort, privileged access to replace downloaded updates in transit, or by performing an Attacker-in-the-Middle attack on the update service itself.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:34:49.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20221207/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.rapid7.com/blog/post/2022/12/7/cve-2022-4261-rapid7-nexpose-update-validation-issue-fixed"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.rapid7.com/release-notes/insightvm/20221207/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4261",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T15:22:13.145687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T17:57:38.662Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Nexpose",
"vendor": "Rapid7",
"versions": [
{
"lessThanOrEqual": "6.6.171",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "InsightVM",
"vendor": "Rapid7",
"versions": [
{
"lessThanOrEqual": "6.6.171",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Emmett Kelly, Rapid7 Principal Software Engineer"
}
],
"datePublic": "2022-12-07T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. This failure could allow an attacker to provide a malicious update and alter the functionality of Rapid7 Nexpose. The attacker would need some pre-existing mechanism to provide a malicious update, either through a social engineering effort, privileged access to replace downloaded updates in transit, or by performing an Attacker-in-the-Middle attack on the update service itself.\u003c/p\u003e"
}
],
"value": "Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. This failure could allow an attacker to provide a malicious update and alter the functionality of Rapid7 Nexpose. The attacker would need some pre-existing mechanism to provide a malicious update, either through a social engineering effort, privileged access to replace downloaded updates in transit, or by performing an Attacker-in-the-Middle attack on the update service itself.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494 Download of Code Without Integrity Check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-07T19:24:33.157Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"url": "https://docs.rapid7.com/release-notes/nexpose/20221207/"
},
{
"url": "https://www.rapid7.com/blog/post/2022/12/7/cve-2022-4261-rapid7-nexpose-update-validation-issue-fixed"
},
{
"url": "https://docs.rapid7.com/release-notes/insightvm/20221207/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Rapid7 Nexpose Update Validation Issue",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2022-4261",
"datePublished": "2022-12-07T00:00:00.000Z",
"dateReserved": "2022-12-01T00:00:00.000Z",
"dateUpdated": "2025-04-14T17:57:38.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9757 (GCVE-0-2016-9757)
Vulnerability from cvelistv5
Published
2016-12-20 22:00
Modified
2024-08-06 02:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Persistent XSS
Summary
In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag name field. Once this tag is viewed in the Tag Detail page of the Rapid7 Nexpose 6.4.12 UI by another authenticated user, the script is run in that user's browser context.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.rapid7.com/nexpose/en-us/release-notes/#6.4.13"
},
{
"name": "94996",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94996"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nexpose",
"vendor": "Rapid7",
"versions": [
{
"status": "affected",
"version": "6.4.12"
}
]
}
],
"datePublic": "2016-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag name field. Once this tag is viewed in the Tag Detail page of the Rapid7 Nexpose 6.4.12 UI by another authenticated user, the script is run in that user\u0027s browser context."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Persistent XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-22T10:57:01",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.rapid7.com/nexpose/en-us/release-notes/#6.4.13"
},
{
"name": "94996",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94996"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2016-9757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nexpose",
"version": {
"version_data": [
{
"version_value": "6.4.12"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag name field. Once this tag is viewed in the Tag Detail page of the Rapid7 Nexpose 6.4.12 UI by another authenticated user, the script is run in that user\u0027s browser context."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Persistent XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.rapid7.com/nexpose/en-us/release-notes/#6.4.13",
"refsource": "CONFIRM",
"url": "https://help.rapid7.com/nexpose/en-us/release-notes/#6.4.13"
},
{
"name": "94996",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94996"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2016-9757",
"datePublished": "2016-12-20T22:00:00",
"dateReserved": "2016-12-02T00:00:00",
"dateUpdated": "2024-08-06T02:59:03.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3535 (GCVE-0-2021-3535)
Vulnerability from cvelistv5
Published
2021-06-16 01:40
Modified
2024-09-16 23:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. A specific search criterion and operator combination in Filtered Asset Search could have allowed a user to pass code through the provided search field. This issue affects version 6.6.80 and prior, and is fixed in 6.6.81. If your Security Console currently falls on or within this affected version range, ensure that you update your Security Console to the latest version.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rapid7 | Rapid7 Nexpose |
Version: unspecified < 6.6.81 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20210505/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rapid7 Nexpose",
"vendor": "Rapid7",
"versions": [
{
"lessThan": "6.6.81",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered and reported by Philipp Behmer."
}
],
"datePublic": "2021-05-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console\u0027s Filtered Asset Search feature. A specific search criterion and operator combination in Filtered Asset Search could have allowed a user to pass code through the provided search field. This issue affects version 6.6.80 and prior, and is fixed in 6.6.81. If your Security Console currently falls on or within this affected version range, ensure that you update your Security Console to the latest version."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-16T01:40:12",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20210505/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2021-05-06T00:00:00.000Z",
"ID": "CVE-2021-3535",
"STATE": "PUBLIC",
"TITLE": ""
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rapid7 Nexpose",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "6.6.81"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "This issue was discovered and reported by Philipp Behmer."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console\u0027s Filtered Asset Search feature. A specific search criterion and operator combination in Filtered Asset Search could have allowed a user to pass code through the provided search field. This issue affects version 6.6.80 and prior, and is fixed in 6.6.81. If your Security Console currently falls on or within this affected version range, ensure that you update your Security Console to the latest version."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.rapid7.com/release-notes/nexpose/20210505/",
"refsource": "CONFIRM",
"url": "https://docs.rapid7.com/release-notes/nexpose/20210505/"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2021-3535",
"datePublished": "2021-06-16T01:40:12.586548Z",
"dateReserved": "2021-05-05T00:00:00",
"dateUpdated": "2024-09-16T23:10:39.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5264 (GCVE-0-2017-5264)
Vulnerability from cvelistv5
Published
2017-12-14 21:00
Modified
2024-08-05 14:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-352 - (Cross-Site Request Forgery (CSRF))
Summary
Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.785Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.rapid7.com/nexpose/en-us/release-notes/archive/2017/12/#6.4.66"
},
{
"name": "43911",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43911/"
},
{
"name": "102208",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102208"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nexpose",
"vendor": "Rapid7",
"versions": [
{
"status": "affected",
"version": "6.4.65 and prior"
}
]
}
],
"datePublic": "2017-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 (Cross-Site Request Forgery (CSRF))",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-30T10:57:01",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.rapid7.com/nexpose/en-us/release-notes/archive/2017/12/#6.4.66"
},
{
"name": "43911",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43911/"
},
{
"name": "102208",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102208"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2017-5264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nexpose",
"version": {
"version_data": [
{
"version_value": "6.4.65 and prior"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 (Cross-Site Request Forgery (CSRF))"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.rapid7.com/nexpose/en-us/release-notes/archive/2017/12/#6.4.66",
"refsource": "CONFIRM",
"url": "https://help.rapid7.com/nexpose/en-us/release-notes/archive/2017/12/#6.4.66"
},
{
"name": "43911",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43911/"
},
{
"name": "102208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102208"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2017-5264",
"datePublished": "2017-12-14T21:00:00",
"dateReserved": "2017-01-09T00:00:00",
"dateUpdated": "2024-08-05T14:55:35.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7381 (GCVE-0-2020-7381)
Vulnerability from cvelistv5
Published
2020-09-03 13:55
Modified
2024-08-04 09:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during a Security Console installation and any arbitrary code executable using the same file name.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:49.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.40"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nexpose",
"vendor": "Rapid7",
"versions": [
{
"lessThan": "6.6.40",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered and reported by Mishra Dhiraj. "
}
],
"descriptions": [
{
"lang": "en",
"value": "In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during a Security Console installation and any arbitrary code executable using the same file name."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-03T13:55:25",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.40"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Code Injection in Rapid7 Nexpose Installer",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2020-7381",
"STATE": "PUBLIC",
"TITLE": "Code Injection in Rapid7 Nexpose Installer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nexpose",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.6.40"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered and reported by Mishra Dhiraj. "
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during a Security Console installation and any arbitrary code executable using the same file name."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.40",
"refsource": "MISC",
"url": "https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.40"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2020-7381",
"datePublished": "2020-09-03T13:55:25",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:25:49.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5243 (GCVE-0-2017-5243)
Vulnerability from cvelistv5
Published
2017-06-06 16:00
Modified
2024-08-05 14:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-327 - (Use of a Broken or Risky Cryptographic Algorithm)
Summary
The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the installations vulnerable to a range of MITM, downgrade, and decryption attacks.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rapid7 | Nexpose hardware appliance |
Version: All Nexpose hardware appliances shipped before June 2017. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.807Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.rapid7.com/community/nexpose/blog/2017/05/31/r7-2017-13-nexpose-hardware-appliance-ssh-enabled-obsolete-algorithms-cve-2017-5243"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nexpose hardware appliance",
"vendor": "Rapid7",
"versions": [
{
"status": "affected",
"version": "All Nexpose hardware appliances shipped before June 2017."
}
]
}
],
"datePublic": "2017-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the installations vulnerable to a range of MITM, downgrade, and decryption attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 (Use of a Broken or Risky Cryptographic Algorithm)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-06T15:57:01",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.rapid7.com/community/nexpose/blog/2017/05/31/r7-2017-13-nexpose-hardware-appliance-ssh-enabled-obsolete-algorithms-cve-2017-5243"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2017-5243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nexpose hardware appliance",
"version": {
"version_data": [
{
"version_value": "All Nexpose hardware appliances shipped before June 2017."
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the installations vulnerable to a range of MITM, downgrade, and decryption attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-327 (Use of a Broken or Risky Cryptographic Algorithm)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/nexpose/blog/2017/05/31/r7-2017-13-nexpose-hardware-appliance-ssh-enabled-obsolete-algorithms-cve-2017-5243",
"refsource": "CONFIRM",
"url": "https://community.rapid7.com/community/nexpose/blog/2017/05/31/r7-2017-13-nexpose-hardware-appliance-ssh-enabled-obsolete-algorithms-cve-2017-5243"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2017-5243",
"datePublished": "2017-06-06T16:00:00",
"dateReserved": "2017-01-09T00:00:00",
"dateUpdated": "2024-08-05T14:55:35.807Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5232 (GCVE-0-2017-5232)
Vulnerability from cvelistv5
Published
2017-03-02 20:00
Modified
2024-08-05 14:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- DLL Preloading
Summary
All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96956",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96956"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nexpose",
"vendor": "Rapid7",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 6.4.24"
}
]
}
],
"datePublic": "2017-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL Preloading",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-20T09:57:01",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"name": "96956",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96956"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2017-5232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nexpose",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 6.4.24"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Preloading"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96956",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96956"
},
{
"name": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products",
"refsource": "CONFIRM",
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2017-5232",
"datePublished": "2017-03-02T20:00:00",
"dateReserved": "2017-01-09T00:00:00",
"dateUpdated": "2024-08-05T14:55:35.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31868 (GCVE-0-2021-31868)
Vulnerability from cvelistv5
Published
2021-08-19 15:25
Modified
2024-09-17 01:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Summary
Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing feature, regardless of the assignment of the ticket. This issue was resolved in version 6.6.96, released on August 4, 2021.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:10:30.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20210804/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nexpose",
"vendor": "Rapid7",
"versions": [
{
"lessThanOrEqual": "6.6.95",
"status": "affected",
"version": "6.6.95",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reda El Hachloufi"
}
],
"datePublic": "2021-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing feature, regardless of the assignment of the ticket. This issue was resolved in version 6.6.96, released on August 4, 2021."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-19T15:25:10",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20210804/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rapid7 Nexpose Security Console Ticket Access Authentication Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2021-08-04T17:00:00.000Z",
"ID": "CVE-2021-31868",
"STATE": "PUBLIC",
"TITLE": "Rapid7 Nexpose Security Console Ticket Access Authentication Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nexpose",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "6.6.95",
"version_value": "6.6.95"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Reda El Hachloufi"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing feature, regardless of the assignment of the ticket. This issue was resolved in version 6.6.96, released on August 4, 2021."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.rapid7.com/release-notes/nexpose/20210804/",
"refsource": "CONFIRM",
"url": "https://docs.rapid7.com/release-notes/nexpose/20210804/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2021-31868",
"datePublished": "2021-08-19T15:25:10.545322Z",
"dateReserved": "2021-04-28T00:00:00",
"dateUpdated": "2024-09-17T01:16:12.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6493 (GCVE-0-2012-6493)
Vulnerability from cvelistv5
Published
2014-02-04 17:00
Modified
2024-08-06 21:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23924",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/23924"
},
{
"name": "88923",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/88923"
},
{
"name": "20130103 CVE-2012-6493 - Nexpose Security Console - Cross-Site Request Forgery (CSRF)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0014.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.rapid7.com/docs/DOC-2155#release1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/119260/Nexpose-Security-Console-Cross-Site-Request-Forgery.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-04T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23924",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/23924"
},
{
"name": "88923",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/88923"
},
{
"name": "20130103 CVE-2012-6493 - Nexpose Security Console - Cross-Site Request Forgery (CSRF)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0014.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.rapid7.com/docs/DOC-2155#release1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/119260/Nexpose-Security-Console-Cross-Site-Request-Forgery.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23924",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/23924"
},
{
"name": "88923",
"refsource": "OSVDB",
"url": "http://osvdb.org/88923"
},
{
"name": "20130103 CVE-2012-6493 - Nexpose Security Console - Cross-Site Request Forgery (CSRF)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0014.html"
},
{
"name": "https://community.rapid7.com/docs/DOC-2155#release1",
"refsource": "CONFIRM",
"url": "https://community.rapid7.com/docs/DOC-2155#release1"
},
{
"name": "http://packetstormsecurity.com/files/119260/Nexpose-Security-Console-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/119260/Nexpose-Security-Console-Cross-Site-Request-Forgery.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6493",
"datePublished": "2014-02-04T17:00:00",
"dateReserved": "2013-01-02T00:00:00",
"dateUpdated": "2024-08-06T21:28:39.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7383 (GCVE-0-2020-7383)
Vulnerability from cvelistv5
Published
2020-10-14 19:45
Modified
2024-09-16 20:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - SQL Injection
Summary
A SQL Injection issue in Rapid7 Nexpose version prior to 6.6.49 that may have allowed an authenticated user with a low permission level to access resources & make changes they should not have been able to access.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:49.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.49"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nexpose",
"vendor": "Rapid7",
"versions": [
{
"lessThan": "6.6.49",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered and reported by Mikhail Klyuchnikov of Positive Technologies."
}
],
"datePublic": "2020-10-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection issue in Rapid7 Nexpose version prior to 6.6.49 that may have allowed an authenticated user with a low permission level to access resources \u0026 make changes they should not have been able to access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-14T19:45:15",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.49"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SQL Injection in Rapid7 Nexpose",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2020-10-14T11:23:00.000Z",
"ID": "CVE-2020-7383",
"STATE": "PUBLIC",
"TITLE": "SQL Injection in Rapid7 Nexpose"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nexpose",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.6.49"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered and reported by Mikhail Klyuchnikov of Positive Technologies."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A SQL Injection issue in Rapid7 Nexpose version prior to 6.6.49 that may have allowed an authenticated user with a low permission level to access resources \u0026 make changes they should not have been able to access."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.49",
"refsource": "MISC",
"url": "https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.49"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2020-7383",
"datePublished": "2020-10-14T19:45:15.276787Z",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-09-16T20:31:39.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6494 (GCVE-0-2012-6494)
Vulnerability from cvelistv5
Published
2020-01-25 18:41
Modified
2024-08-06 21:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Rapid7 Nexpose before 5.5.4 contains a session hijacking vulnerability which allows remote attackers to capture a user's session and gain unauthorized access.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "57150",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57150"
},
{
"name": "80982",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80982"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Nexpose before 5.5.4 contains a session hijacking vulnerability which allows remote attackers to capture a user\u0027s session and gain unauthorized access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-25T18:41:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "57150",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57150"
},
{
"name": "80982",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80982"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rapid7 Nexpose before 5.5.4 contains a session hijacking vulnerability which allows remote attackers to capture a user\u0027s session and gain unauthorized access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57150",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57150"
},
{
"name": "80982",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80982"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6494",
"datePublished": "2020-01-25T18:41:34",
"dateReserved": "2013-01-02T00:00:00",
"dateUpdated": "2024-08-06T21:28:39.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-08-19 16:15
Modified
2024-11-21 06:06
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing feature, regardless of the assignment of the ticket. This issue was resolved in version 6.6.96, released on August 4, 2021.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@rapid7.com | https://docs.rapid7.com/release-notes/nexpose/20210804/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.rapid7.com/release-notes/nexpose/20210804/ | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*",
"matchCriteriaId": "068918FF-2768-4CB8-AEDB-C34481C7C72F",
"versionEndExcluding": "6.6.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing feature, regardless of the assignment of the ticket. This issue was resolved in version 6.6.96, released on August 4, 2021."
},
{
"lang": "es",
"value": "Rapid7 Nexpose versiones 6.6.95 y anteriores, permiten a usuarios autenticados de la Consola de Seguridad visualizar y editar cualquier ticket en la funcionalidad legacy ticketing, independientemente de la asignaci\u00f3n del ticket. Este problema fue resuelto en versi\u00f3n 6.6.96, publicada el 4 de agosto de 2021."
}
],
"id": "CVE-2021-31868",
"lastModified": "2024-11-21T06:06:23.437",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-19T16:15:12.293",
"references": [
{
"source": "cve@rapid7.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20210804/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20210804/"
}
],
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-30 10:15
Modified
2024-11-21 07:39
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. This vulnerability is fixed in version 6.6.187.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC070CA9-0DD2-4AC3-8072-49E1A097D00D",
"versionEndExcluding": "6.6.187",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability.\u00a0 This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. This vulnerability is fixed in version 6.6.187.\u00a0\u00a0"
}
],
"id": "CVE-2023-1699",
"lastModified": "2024-11-21T07:39:43.460",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-30T10:15:07.137",
"references": [
{
"source": "cve@rapid7.com",
"tags": [
"Release Notes"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20230329/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20230329/"
}
],
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-425"
}
],
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-425"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-22 17:15
Modified
2024-11-21 04:45
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage visited by previous user
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@rapid7.com | https://docs.rapid7.com/release-notes/nexpose/20211117/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.rapid7.com/release-notes/nexpose/20211117/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFE0AC6F-B4B1-4F7A-8394-FFE98037273F",
"versionEndExcluding": "6.6.114",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user\u0027s session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage visited by previous user"
},
{
"lang": "es",
"value": "Rapid7 Nexpose versiones anteriores a 6.6.114, sufren un problema de exposici\u00f3n de informaci\u00f3n por el que, cuando la sesi\u00f3n del usuario ha finalizado por inactividad, un atacante puede usar la funcionalidad inspect element browser para eliminar el panel de acceso y visualizar los detalles disponibles en la \u00faltima p\u00e1gina web visitada por el usuario anterior"
}
],
"id": "CVE-2019-5640",
"lastModified": "2024-11-21T04:45:17.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-22T17:15:08.357",
"references": [
{
"source": "cve@rapid7.com",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20211117/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20211117/"
}
],
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-08 00:15
Modified
2024-11-21 07:34
Severity ?
4.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. This failure could allow an attacker to provide a malicious update and alter the functionality of Rapid7 Nexpose. The attacker would need some pre-existing mechanism to provide a malicious update, either through a social engineering effort, privileged access to replace downloaded updates in transit, or by performing an Attacker-in-the-Middle attack on the update service itself.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@rapid7.com | https://docs.rapid7.com/release-notes/insightvm/20221207/ | Release Notes, Vendor Advisory | |
| cve@rapid7.com | https://docs.rapid7.com/release-notes/nexpose/20221207/ | Release Notes, Vendor Advisory | |
| cve@rapid7.com | https://www.rapid7.com/blog/post/2022/12/7/cve-2022-4261-rapid7-nexpose-update-validation-issue-fixed | Exploit, Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.rapid7.com/release-notes/insightvm/20221207/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.rapid7.com/release-notes/nexpose/20221207/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.rapid7.com/blog/post/2022/12/7/cve-2022-4261-rapid7-nexpose-update-validation-issue-fixed | Exploit, Mitigation, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rapid7:insightvm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8445EB28-3D0F-44C4-A6E8-D79FC0C12AA6",
"versionEndExcluding": "6.6.172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17F4869F-E078-44DD-AF60-7D1791240783",
"versionEndExcluding": "6.6.172",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. This failure could allow an attacker to provide a malicious update and alter the functionality of Rapid7 Nexpose. The attacker would need some pre-existing mechanism to provide a malicious update, either through a social engineering effort, privileged access to replace downloaded updates in transit, or by performing an Attacker-in-the-Middle attack on the update service itself.\n\n"
},
{
"lang": "es",
"value": "Las versiones de Rapid7 Nexpose e InsightVM anteriores a la 6.6.172 no lograron validar de manera confiable la autenticidad del contenido de la actualizaci\u00f3n. Este fallo podr\u00eda permitir que un atacante proporcione una actualizaci\u00f3n maliciosa y altere la funcionalidad de Rapid7 Nexpose. El atacante necesitar\u00eda alg\u00fan mecanismo preexistente para proporcionar una actualizaci\u00f3n maliciosa, ya sea mediante un esfuerzo de ingenier\u00eda social, acceso privilegiado para reemplazar las actualizaciones descargadas en tr\u00e1nsito o realizando un ataque de atacante en el medio en el propio servicio de actualizaci\u00f3n."
}
],
"id": "CVE-2022-4261",
"lastModified": "2024-11-21T07:34:53.797",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-08T00:15:10.533",
"references": [
{
"source": "cve@rapid7.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.rapid7.com/release-notes/insightvm/20221207/"
},
{
"source": "cve@rapid7.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20221207/"
},
{
"source": "cve@rapid7.com",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.rapid7.com/blog/post/2022/12/7/cve-2022-4261-rapid7-nexpose-update-validation-issue-fixed"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.rapid7.com/release-notes/insightvm/20221207/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20221207/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.rapid7.com/blog/post/2022/12/7/cve-2022-4261-rapid7-nexpose-update-validation-issue-fixed"
}
],
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-494"
}
],
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-494"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-02-04 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rapid7 | nexpose | * | |
| rapid7 | nexpose | 5.4 | |
| rapid7 | nexpose | 5.4.1 | |
| rapid7 | nexpose | 5.4.2 | |
| rapid7 | nexpose | 5.4.3 | |
| rapid7 | nexpose | 5.4.4 | |
| rapid7 | nexpose | 5.4.5 | |
| rapid7 | nexpose | 5.4.6 | |
| rapid7 | nexpose | 5.4.7 | |
| rapid7 | nexpose | 5.4.8 | |
| rapid7 | nexpose | 5.4.9 | |
| rapid7 | nexpose | 5.4.10 | |
| rapid7 | nexpose | 5.4.11 | |
| rapid7 | nexpose | 5.4.12 | |
| rapid7 | nexpose | 5.5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7092419-CD5C-4D96-B3F0-18724CE62216",
"versionEndIncluding": "5.5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rapid7:nexpose:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6E99F219-046F-4272-9390-FEDD119D4480",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rapid7:nexpose:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D00215B-C6FB-44E8-8FBB-56A13AC70009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rapid7:nexpose:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "129A50F9-509C-42D5-A185-8AA88D468CA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rapid7:nexpose:5.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CE07CAC2-F931-4CFE-9883-A2C48FE73958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rapid7:nexpose:5.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E174D181-143F-4F63-9A5C-7A477CA5AD00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rapid7:nexpose:5.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "31CD346D-D2F6-4EB1-B1B8-3A435678D5D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rapid7:nexpose:5.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A36059AE-A763-4C01-863C-348FC77CE582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rapid7:nexpose:5.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "28F06A18-7C2C-4789-82AE-96C3A741962F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rapid7:nexpose:5.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F0DA6563-3C35-4739-A443-14F7DE3B76A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rapid7:nexpose:5.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2C91691B-FDC9-4B98-AACC-17723FCDD3C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rapid7:nexpose:5.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7DDF8104-9494-4995-8F4F-8B5140868A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rapid7:nexpose:5.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "844792DE-6A21-41B0-97AD-72CFB1821386",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rapid7:nexpose:5.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "256309DB-D90C-4C37-B241-665F25FB47B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rapid7:nexpose:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "733076EC-78D0-4C5D-AA11-6CAABF980755",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete."
},
{
"lang": "es",
"value": "Vulnerabilidad de CSRF en Rapid7 Nexpose Security Console anterior a 5.5.4 permite a atacantes remotos secuestrar la autenticaci\u00f3n de victimas no especificadas para solicitudes que eliminan datos de an\u00e1lisis y sitios a trav\u00e9s de una solicitud hacia data/site/delete."
}
],
"id": "CVE-2012-6493",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-02-04T22:55:03.270",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0014.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/88923"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/119260/Nexpose-Security-Console-Cross-Site-Request-Forgery.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/23924"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://community.rapid7.com/docs/DOC-2155#release1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/88923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/119260/Nexpose-Security-Console-Cross-Site-Request-Forgery.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/23924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://community.rapid7.com/docs/DOC-2155#release1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-17 23:15
Modified
2024-11-21 06:39
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cross site scripting vulnerability, within the shared scan configuration component of the tool. With this vulnerability an attacker could pass literal values as the test credentials, providing the opportunity for a potential XSS attack. This issue is fixed in Rapid7 Nexpose version 6.6.130.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@rapid7.com | https://docs.rapid7.com/release-notes/nexpose/20220309/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.rapid7.com/release-notes/nexpose/20220309/ | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86D6C107-176D-4A6E-9D00-72E46ACCDA70",
"versionEndExcluding": "6.6.130",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cross site scripting vulnerability, within the shared scan configuration component of the tool. With this vulnerability an attacker could pass literal values as the test credentials, providing the opportunity for a potential XSS attack. This issue is fixed in Rapid7 Nexpose version 6.6.130."
},
{
"lang": "es",
"value": "Rapid7 Nexpose versiones 6.6.129 y anteriores, sufren una vulnerabilidad de tipo cross site scripting reflejada, dentro del componente de configuraci\u00f3n de an\u00e1lisis compartido de la herramienta. Con esta vulnerabilidad un atacante podr\u00eda pasar valores literales como las credenciales de prueba, proporcionando la oportunidad para un potencial ataque de tipo XSS. Este problema es corregido en Rapid7 Nexpose versi\u00f3n 6.6.130"
}
],
"id": "CVE-2022-0758",
"lastModified": "2024-11-21T06:39:20.240",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-17T23:15:07.667",
"references": [
{
"source": "cve@rapid7.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20220309/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20220309/"
}
],
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-25 19:15
Modified
2024-11-21 01:46
Severity ?
Summary
Rapid7 Nexpose before 5.5.4 contains a session hijacking vulnerability which allows remote attackers to capture a user's session and gain unauthorized access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/57150 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/80982 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/57150 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/80982 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C34490DE-0E65-4633-9C3F-25C65A988908",
"versionEndExcluding": "5.5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Nexpose before 5.5.4 contains a session hijacking vulnerability which allows remote attackers to capture a user\u0027s session and gain unauthorized access."
},
{
"lang": "es",
"value": "Rapid7 Nexpose versiones anteriores a 5.5.4, contiene una vulnerabilidad de secuestro de sesi\u00f3n que permite a atacantes remotos capturar la sesi\u00f3n de un usuario y conseguir un acceso no autorizado."
}
],
"id": "CVE-2012-6494",
"lastModified": "2024-11-21T01:46:12.167",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-25T19:15:10.947",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/57150"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/57150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80982"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-14 20:15
Modified
2024-11-21 05:37
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
A SQL Injection issue in Rapid7 Nexpose version prior to 6.6.49 that may have allowed an authenticated user with a low permission level to access resources & make changes they should not have been able to access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@rapid7.com | https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.49 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.49 | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C2E3C0E-2930-4F67-9EF1-E43EB44F42C3",
"versionEndExcluding": "6.6.49",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection issue in Rapid7 Nexpose version prior to 6.6.49 that may have allowed an authenticated user with a low permission level to access resources \u0026 make changes they should not have been able to access."
},
{
"lang": "es",
"value": "Un problema de inyecci\u00f3n SQL en Rapid7 Nexpose versiones anteriores a 6.6.49, que puede haber permitido a un usuario autenticado con un nivel de permiso bajo acceder a recursos y realizar cambios a los que no deber\u00eda haber sido capaz de acceder"
}
],
"id": "CVE-2020-7383",
"lastModified": "2024-11-21T05:37:08.483",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-14T20:15:16.180",
"references": [
{
"source": "cve@rapid7.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.49"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.49"
}
],
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-02 20:59
Modified
2025-04-20 01:37
Severity ?
Summary
The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides storage for saved scan credentials in an otherwise secure location on disk.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0982147-6D64-497D-938C-754B9BEEDC2C",
"versionEndIncluding": "6.4.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of \u0027r@p1d7k3y5t0r3\u0027 which is not modifiable by the user. The keystore provides storage for saved scan credentials in an otherwise secure location on disk."
},
{
"lang": "es",
"value": "El almac\u00e9n de claves de Java en todas las versiones y ediciones de Nexpose anterior a versi\u00f3n 6.4.50 de Rapid7, es cifrado con una contrase\u00f1a est\u00e1tica de \u201cr@p1d7k3y5t0r3\u201d que no es modificable por el usuario. El almac\u00e9n de claves provee almacenamiento para las credenciales de an\u00e1lisis guardadas en una lugar de otro modo seguro en el disco."
}
],
"id": "CVE-2017-5230",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-02T20:59:00.547",
"references": [
{
"source": "cve@rapid7.com",
"url": "http://www.securityfocus.com/bid/96956"
},
{
"source": "cve@rapid7.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
},
{
"source": "cve@rapid7.com",
"url": "https://help.rapid7.com/nexpose/en-us/release-notes/#6.4.50"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/96956"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://help.rapid7.com/nexpose/en-us/release-notes/#6.4.50"
}
],
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-01 22:15
Modified
2024-11-21 07:20
Severity ?
5.3 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downloading updates. This failure could allow an attacker in a privileged position on the network to provide their own HTTPS endpoint, or intercept communications to the legitimate endpoint. The attacker would need some pre-existing access to at least one node on the network path between the Rapid7-controlled update server and the Nexpose/InsightVM application, and the ability to either spoof the update server's FQDN or redirect legitimate traffic to the attacker's server in order to exploit this vulnerability. Note that even in this scenario, an attacker could not normally replace an update package with a malicious package, since the update process validates a separate, code-signing certificate, distinct from the HTTPS certificate used for communication. This issue was resolved on February 1, 2023 in update 6.6.178 of Nexpose and InsightVM.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E930FC91-AC43-40C9-9106-6EE7533D305B",
"versionEndExcluding": "6.6.178",
"versionStartIncluding": "6.6.82",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downloading updates. This failure could allow an attacker in a privileged position on the network to provide their own HTTPS endpoint, or intercept communications to the legitimate endpoint. The attacker would need some pre-existing access to at least one node on the network path between the Rapid7-controlled update server and the Nexpose/InsightVM application, and the ability to either spoof the update server\u0027s FQDN or redirect legitimate traffic to the attacker\u0027s server in order to exploit this vulnerability. Note that even in this scenario, an attacker could not normally replace an update package with a malicious package, since the update process validates a separate, code-signing certificate, distinct from the HTTPS certificate used for communication. This issue was resolved on February 1, 2023 in update 6.6.178 of Nexpose and InsightVM.\n\n\n\n\n"
}
],
"id": "CVE-2022-3913",
"lastModified": "2024-11-21T07:20:31.227",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-01T22:15:08.690",
"references": [
{
"source": "cve@rapid7.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20230201/"
},
{
"source": "cve@rapid7.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.rapid7.com/blog/post/2022/12/07/cve-2022-4261-rapid7-nexpose-update-validation-issue-fixed/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20230201/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.rapid7.com/blog/post/2022/12/07/cve-2022-4261-rapid7-nexpose-update-validation-issue-fixed/"
}
],
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-02 20:59
Modified
2025-04-20 01:37
Severity ?
Summary
All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0982147-6D64-497D-938C-754B9BEEDC2C",
"versionEndIncluding": "6.4.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer."
},
{
"lang": "es",
"value": "Todas las ediciones de los instaladores de Rapid7 Nexpose anteriores a la versi\u00f3n 6.4.24 contienen una vulnerabilidad de precarga de DLL, donde es posible que el instalador cargue una DLL maliciosa ubicada en el directorio de trabajo actual del instalador."
}
],
"id": "CVE-2017-5232",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-02T20:59:00.657",
"references": [
{
"source": "cve@rapid7.com",
"url": "http://www.securityfocus.com/bid/96956"
},
{
"source": "cve@rapid7.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/96956"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
}
],
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-03 14:15
Modified
2024-11-21 05:37
Severity ?
5.8 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during a Security Console installation and any arbitrary code executable using the same file name.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@rapid7.com | https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.40 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.40 | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3F6D1B0-EBA8-49AF-85E7-5D38810610F3",
"versionEndExcluding": "6.6.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during a Security Console installation and any arbitrary code executable using the same file name."
},
{
"lang": "es",
"value": "En el instalador de Rapid7 Nexpose versiones anteriores a 6.6.40, el instalador de Nexpose llama un ejecutable que puede ser colocado por un atacante en el directorio apropiado con acceso a la m\u00e1quina local.\u0026#xa0;Esto impedir\u00eda que el instalador distinga entre un ejecutable v\u00e1lido llamado durante una instalaci\u00f3n de Security Console y cualquier c\u00f3digo arbitrario ejecutable usando el mismo nombre de archivo"
}
],
"id": "CVE-2020-7381",
"lastModified": "2024-11-21T05:37:08.257",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.3,
"impactScore": 5.5,
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-03T14:15:10.977",
"references": [
{
"source": "cve@rapid7.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.40"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.40"
}
],
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-16 02:15
Modified
2024-11-21 06:21
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. A specific search criterion and operator combination in Filtered Asset Search could have allowed a user to pass code through the provided search field. This issue affects version 6.6.80 and prior, and is fixed in 6.6.81. If your Security Console currently falls on or within this affected version range, ensure that you update your Security Console to the latest version.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@rapid7.com | https://docs.rapid7.com/release-notes/nexpose/20210505/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.rapid7.com/release-notes/nexpose/20210505/ | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*",
"matchCriteriaId": "240D303F-9A0A-4261-B4AB-02A6686A91C8",
"versionEndExcluding": "6.6.81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console\u0027s Filtered Asset Search feature. A specific search criterion and operator combination in Filtered Asset Search could have allowed a user to pass code through the provided search field. This issue affects version 6.6.80 and prior, and is fixed in 6.6.81. If your Security Console currently falls on or within this affected version range, ensure that you update your Security Console to the latest version."
},
{
"lang": "es",
"value": "Rapid7 Nexpose es suceptible a una vulnerabilidad de tipo cross-site scripting no persistente que afecta a la funcionalidad Filtered Asset Search de Security Console. Un criterio de b\u00fasqueda espec\u00edfico y una combinaci\u00f3n de operadores en la b\u00fasqueda de activos filtrados podr\u00edan haber permitido a un usuario pasar c\u00f3digo mediante el campo de b\u00fasqueda proporcionado. Este problema afecta a la versi\u00f3n 6.6.80 y anteriores, y se ha corregido en la versi\u00f3n 6.6.81. Si su Security Console se encuentra actualmente dentro de este rango de versiones afectadas, aseg\u00farese de actualizar su Security Console a la \u00faltima versi\u00f3n"
}
],
"id": "CVE-2021-3535",
"lastModified": "2024-11-21T06:21:47.037",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-16T02:15:06.687",
"references": [
{
"source": "cve@rapid7.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20210505/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20210505/"
}
],
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-12-14 21:29
Modified
2025-04-20 01:37
Severity ?
Summary
Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5ACBC23-9538-42B7-8C9D-54137C2BE8C5",
"versionEndExcluding": "6.4.66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack."
},
{
"lang": "es",
"value": "Las versiones de Nexpose anteriores a la 6.4.66 no validan adecuadamente el origen de peticiones HTTP destinadas a la aplicaci\u00f3n web administrativa Automated Actions, siendo vulnerables ante un ataque de Cross-Site Request Forgery (CSRF)."
}
],
"id": "CVE-2017-5264",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-14T21:29:00.270",
"references": [
{
"source": "cve@rapid7.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102208"
},
{
"source": "cve@rapid7.com",
"tags": [
"Release Notes"
],
"url": "https://help.rapid7.com/nexpose/en-us/release-notes/archive/2017/12/#6.4.66"
},
{
"source": "cve@rapid7.com",
"url": "https://www.exploit-db.com/exploits/43911/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://help.rapid7.com/nexpose/en-us/release-notes/archive/2017/12/#6.4.66"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/43911/"
}
],
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-21 20:15
Modified
2024-11-21 04:45
Severity ?
Summary
Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user account's current session is still valid after the password change, potentially allowing the attacker who originally compromised the credential to remain logged in and able to cause further damage.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D900F950-0B7B-471D-928D-4A4F3F2A2EBD",
"versionEndIncluding": "6.5.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user\u0027s password is changed by an administrator due to an otherwise unrelated credential leak, that user account\u0027s current session is still valid after the password change, potentially allowing the attacker who originally compromised the credential to remain logged in and able to cause further damage."
},
{
"lang": "es",
"value": "Las versiones de Rapid7 Nexpose versi\u00f3n 6.5.50 y anteriores adolecen de una caducidad de sesi\u00f3n insuficiente cuando un administrador realiza una edici\u00f3n relevante para la seguridad de un usuario existente conectado. Por ejemplo, si un administrador cambia la contrase\u00f1a de un usuario debido a una fuga de credenciales no relacionada, la sesi\u00f3n actual de esa cuenta de usuario sigue siendo v\u00e1lida despu\u00e9s del cambio de contrase\u00f1a, lo que potencialmente permite que el atacante que originalmente comprometi\u00f3 la credencial permanezca conectado y pueda causar Da\u00f1o adicional."
}
],
"id": "CVE-2019-5638",
"lastModified": "2024-11-21T04:45:17.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 5.8,
"source": "cve@rapid7.com",
"type": "Secondary"
}
]
},
"published": "2019-08-21T20:15:13.007",
"references": [
{
"source": "cve@rapid7.com",
"url": "https://docs.rapid7.com/insightvm/enable-insightvm-platform-login"
},
{
"source": "cve@rapid7.com",
"tags": [
"Release Notes"
],
"url": "https://help.rapid7.com/nexpose/en-us/release-notes/archive/2019/02/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.rapid7.com/insightvm/enable-insightvm-platform-login"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://help.rapid7.com/nexpose/en-us/release-notes/archive/2019/02/"
}
],
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
],
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-17 23:15
Modified
2024-11-21 06:39
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticated attacker to manipulate the "ANY" and "OR" operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@rapid7.com | https://docs.rapid7.com/release-notes/nexpose/20220302/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.rapid7.com/release-notes/nexpose/20220302/ | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6486C49-C857-420B-A0BA-E029CE123933",
"versionEndIncluding": "6.6.93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticated attacker to manipulate the \"ANY\" and \"OR\" operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129."
},
{
"lang": "es",
"value": "Las versiones 6.6.93 y anteriores de Rapid7 Nexpose son susceptibles de una vulnerabilidad de inyecci\u00f3n SQL, por la que no se definen operadores de b\u00fasqueda v\u00e1lidos. Esta falta de validaci\u00f3n puede permitir que un atacante autenticado que haya iniciado sesi\u00f3n manipule los operadores \"ANY\" y \"OR\" en los SearchCriteria e inyecte c\u00f3digo SQL. Este problema se ha solucionado en la versi\u00f3n 6.6.129 de Rapid7 Nexpose"
}
],
"id": "CVE-2022-0757",
"lastModified": "2024-11-21T06:39:20.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-17T23:15:07.610",
"references": [
{
"source": "cve@rapid7.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20220302/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20220302/"
}
],
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-12-20 22:59
Modified
2025-04-12 10:46
Severity ?
Summary
In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag name field. Once this tag is viewed in the Tag Detail page of the Rapid7 Nexpose 6.4.12 UI by another authenticated user, the script is run in that user's browser context.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@rapid7.com | http://www.securityfocus.com/bid/94996 | Third Party Advisory, VDB Entry | |
| cve@rapid7.com | https://help.rapid7.com/nexpose/en-us/release-notes/#6.4.13 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94996 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://help.rapid7.com/nexpose/en-us/release-notes/#6.4.13 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rapid7:nexpose:6.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "957301F3-95BF-415A-A318-67C94C4D12AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag name field. Once this tag is viewed in the Tag Detail page of the Rapid7 Nexpose 6.4.12 UI by another authenticated user, the script is run in that user\u0027s browser context."
},
{
"lang": "es",
"value": "En la p\u00e1gina Create Tags de la interfaz de usuario de Rapid7 Nexpose versi\u00f3n 6.4.12, cualquier usuario autenticado que tiene la capacidad de crear etiquetas puede inyectar elementos CSS en la etiqueta de campo de nombre. Por ejemplo, una etiqueta de nombre como \"AB\" es suficiente para explotar la vulnerabilidad. Una vez esta etiqueta se ve en la p\u00e1gina Tag Detail de la interfaz de usuario de Rapid7 Nexpose 6.4.12 por otro usuario autenticado, la secuencia se ejecuta en ese contexto del navegador del usuario."
}
],
"id": "CVE-2016-9757",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-20T22:59:00.350",
"references": [
{
"source": "cve@rapid7.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94996"
},
{
"source": "cve@rapid7.com",
"tags": [
"Vendor Advisory"
],
"url": "https://help.rapid7.com/nexpose/en-us/release-notes/#6.4.13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94996"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://help.rapid7.com/nexpose/en-us/release-notes/#6.4.13"
}
],
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-03 17:15
Modified
2024-11-21 04:45
Severity ?
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS request.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@rapid7.com | https://help.rapid7.com/nexpose/en-us/release-notes#6.5.69 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://help.rapid7.com/nexpose/en-us/release-notes#6.5.69 | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*",
"matchCriteriaId": "690F6F1D-AE3F-4F2D-BEF6-F32C4B93BB07",
"versionEndIncluding": "6.5.68",
"versionStartIncluding": "6.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS request."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de falsificaci\u00f3n de solicitudes en Cross-Site (CSRF) en las versiones 6.5.0 a 6.5.68 de la consola de seguridad InsightVM de Rapid7 Nexpose. Este problema permite a los atacantes aprovechar las vulnerabilidades de CSRF en los puntos finales de la API utilizando Flash para eludir una solicitud de OPCIONES previas al vuelo entre dominios."
}
],
"id": "CVE-2019-5630",
"lastModified": "2024-11-21T04:45:16.197",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 4.2,
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-03T17:15:10.597",
"references": [
{
"source": "cve@rapid7.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://help.rapid7.com/nexpose/en-us/release-notes#6.5.69"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://help.rapid7.com/nexpose/en-us/release-notes#6.5.69"
}
],
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-03 14:15
Modified
2024-11-21 05:37
Severity ?
6.8 (Medium) - CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Summary
Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local machine to insert an arbitrary file into the executable path. This issue affects: Rapid7 Nexpose versions prior to 6.6.40.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@rapid7.com | https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.40 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.40 | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3F6D1B0-EBA8-49AF-85E7-5D38810610F3",
"versionEndExcluding": "6.6.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local machine to insert an arbitrary file into the executable path. This issue affects: Rapid7 Nexpose versions prior to 6.6.40."
},
{
"lang": "es",
"value": "El instalador de Rapid7 Nexpose versiones anteriores a 6.6.40, contiene una Ruta de B\u00fasqueda Sin Comillas que puede permitir a un atacante en la m\u00e1quina local insertar un archivo arbitrario en la ruta ejecutable.\u0026#xa0;Este problema afecta a: Rapid7 Nexpose versiones anteriores a 6.6.40"
}
],
"id": "CVE-2020-7382",
"lastModified": "2024-11-21T05:37:08.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.2,
"impactScore": 6.0,
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-03T14:15:11.103",
"references": [
{
"source": "cve@rapid7.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.40"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.40"
}
],
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-428"
}
],
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-428"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-06 16:29
Modified
2025-04-20 01:37
Severity ?
Summary
The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the installations vulnerable to a range of MITM, downgrade, and decryption attacks.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1B79EC4-5022-4BE6-AF39-972407FD03AD",
"versionEndIncluding": "6.4.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the installations vulnerable to a range of MITM, downgrade, and decryption attacks."
},
{
"lang": "es",
"value": "La configuraci\u00f3n por defecto de SSH en los dispositivos hardware con Nexpose de Rapid7 enviados antes de Junio de 2017 no especifica los algoritmos deseados para el intercambio de claves y otras funciones importantes. Como resultado, vuelve a permitir TODOS los algoritmos compatibles para la versi\u00f3n relevante de OpenSSH y hace que las instalaciones sean vulnerables a una variedad de ataques MITM, degradados y descifrados."
}
],
"id": "CVE-2017-5243",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-06T16:29:00.173",
"references": [
{
"source": "cve@rapid7.com",
"tags": [
"Vendor Advisory"
],
"url": "https://community.rapid7.com/community/nexpose/blog/2017/05/31/r7-2017-13-nexpose-hardware-appliance-ssh-enabled-obsolete-algorithms-cve-2017-5243"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://community.rapid7.com/community/nexpose/blog/2017/05/31/r7-2017-13-nexpose-hardware-appliance-ssh-enabled-obsolete-algorithms-cve-2017-5243"
}
],
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}