Mar 30, 2023 - 10:15 a.m.

CVE-2023-1699

2023-03-30 10:15:07
CWE-425
web.nvd.nist.gov
cve-2023-1699, rapid7, nexpose, vulnerability, forced browsing, security, administrative pages

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 53.9%)

Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. This vulnerability is fixed in version 6.6.187.

Affected configurations

NVD

Node: rapid7 nexpose, Range: <6.6.187

CPE               Name              Operator    Version
rapid7:nexpose    rapid7 nexpose    lt          6.6.187

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Nexpose",
    "vendor": "Rapid7",
    "versions": [
      {
        "lessThanOrEqual": "6.6.186",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
