CVSS3: 3.3 Low
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score: 6.3 Medium (Confidence: Low)
EPSS: 0.0004 Low (Percentile: 9.0%)

Rapid7's InsightVM maintenance mode login page suffers from a sensitive information exposure vulnerability: sensitive information is exposed through query strings in the URL when a login is attempted before the page is fully loaded. This vulnerability allows attackers to acquire sensitive information such as passwords, auth tokens, and usernames.

The vulnerability is remediated in version 6.6.244.
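
To check whether credentials have already landed in web or proxy logs through this kind of query-string exposure, the following added example (not Rapid7 code) scans combined-format access log lines for sensitive parameter names in the request target and the Referer field and returns redacted copies. The parameter-name list, the `/login.html` path, the `scanner.example` host and the sample log lines are constructed assumptions, not values from the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Parameter names treated as sensitive (assumed list; adjust to the application).
SENSITIVE = {"password", "passwd", "pwd", "token", "auth_token", "session", "username"}

# Combined log format: request line, status, size, then the quoted Referer.
LINE_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" \d{3} \S+'
    r'(?: "(?P<referer>[^"]*)")?'
)

def redact_url(url):
    """Return (redacted_url, sorted sensitive parameter names found in its query)."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    hits = sorted({k for k, _ in pairs if k.lower() in SENSITIVE})
    if not hits:
        return url, []
    clean = [(k, "REDACTED" if k.lower() in SENSITIVE else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(clean))), hits

def scan(lines):
    """Report every log field whose URL carries a sensitive query parameter."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.search(line)
        if not m:
            continue
        # A URL with credentials can also be recorded as the Referer of later requests.
        for field in ("target", "referer"):
            value = m.group(field)
            if not value or value == "-":
                continue
            redacted, hits = redact_url(value)
            if hits:
                findings.append({"line": n, "field": field,
                                 "params": hits, "redacted": redacted})
    return findings

# Constructed sample log lines (not taken from a real InsightVM deployment).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /login.html?username=alice&password=S3cret%21 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "POST /login.html HTTP/1.1" 302 0 "https://scanner.example/login.html" "Mozilla/5.0"',
    '10.0.0.7 - - [01/Jan/2024:10:01:00 +0000] "GET /static/app.js?v=3 HTTP/1.1" 200 9000 "https://scanner.example/login.html?token=abc123" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Any account whose credentials appear in a finding should have its password or token rotated, since the log itself is now a copy of the secret.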
[
  {
    "defaultStatus": "unaffected",
    "product": "InsightVM",
    "vendor": "Rapid7",
    "versions": [
      {
        "lessThan": "6.6.244",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]