9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5.8 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:P/I:P/A:P
0.975 High
EPSS
Percentile
99.9%
In Q1, our team continued to focus on driving better customer outcomes with InsightVM and Nexpose by further improving efficiency and performance. While many of these updates are under the hood, you may have started to notice faster vulnerability checks available for the recent ETRs or an upgraded user interface for the console Admin page. Let’s take a look at some of the key updates in InsightVM and Nexpose from Q1.
Scan Assistant, a lightweight service deployed on the asset, leverages the Scan Engine and digital certificates to securely deliver the core benefits of authenticated scanning without the need to manage traditional account-based credentials.
Customers can now easily determine the validity of a Scan Assistant digital certificate by viewing the Expiration Date on the Shared Scan Credential Configuration page.
We updated the user interface (UI) of the Console Administration page to facilitate a more intuitive and consistent user experience across InsightVM and the Insight Platform. You can even switch between light mode and dark mode for this page. This update is part of our ongoing Security Console experience transformation to enhance its usability and workflow—stay tuned for more updates!
Rapid7’s Emergent Threat Response (ETR) program flagged multiple CVEs this quarter. InsightVM and Nexpose customers can assess their exposure to many of these CVEs with vulnerability checks, including:
Want to know how you can refine your existing vulnerability management practices and use InsightVM to improve your readiness for the next emergent threat? Join our upcoming webinar:
Responding to Emergent Threats with InsightVM
Guidelines from Center for Internet Security (CIS) and Security Technical Implementation Guides (STIG) are widely used industry benchmarks for configuration assessment. However, a benchmark or guideline as-is may not meet the unique needs of your business. Very soon (next quarter soon), you can start using Agent-Based Policy for custom policy assessment.
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5.8 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:P/I:P/A:P
0.975 High
EPSS
Percentile
99.9%