CVE-2021-4016
Rapid7 Insight Agent, versions prior to 3.1.3, suffers from an improper access control vulnerability whereby the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory, e.g. assetinfo.json or fileinfo.json, leading to a loss of...
Improper access control
Rapid7 Insight Agent, versions prior to 3.1.3, suffers from an improper access control vulnerability whereby the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory, e.g. assetinfo.json or fileinfo.json, leading to a loss of...
CVE-2021-4016 Rapid7 Insight Agent Improper Access Control
Rapid7 Insight Agent, versions prior to 3.1.3, suffers from an improper access control vulnerability whereby the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory, e.g. assetinfo.json or fileinfo.json, leading to a loss of...
CVE-2021-4016
CVE-2021-4016 affects Rapid7 Insight Agent prior to 3.1.3, where improper access control allows local users to read the snapshot directory and copy files (e.g., asset_info.json, file_info.json), causing confidentiality loss. Root cause is lack of proper privilege restrictions for files in the sna...
Rapid7 Insight Agent Security Vulnerability
Rapid7 Insight Agent is lightweight software from Rapid7, Inc. that collects data from IT assets. An arbitrary file read vulnerability exists in Rapid7 Insight Agent versions prior to 3.1.3, which stems from the software's lack of...
PT-2022-11195 · Rapid7 · Rapid7 Insight Agent
Name of the Vulnerable Software and Affected Versions: Rapid7 Insight Agent versions prior to 3.1.3 Description: The issue is related to improper access control, allowing users to access the snapshot directory. An attacker can access, read, and copy files in this directory, such as asset info.jso...
Insight Core <= 1.0 - Subscriber+ PHP Object Injection & Stored XSS
The plugin does not have any authorisation and CSRF checks in the insightcustomizeroptionsimport available to any authenticated user, does not validate user input before passing it to unserialize, nor sanitise and escape it before outputting it in the response. As a result, it could allow users...
Security Bulletin: IBM Netcool Agile Service Manager is affected by a vulnerability in Apache Log4j (CVE-2021-44228)
Summary A vulnerability was identified within the Apache Log4j library that is used by IBM Netcool Agile Service Manager. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the...
Security Bulletin: Vulnerability in Apache Log4j affects the components (Elastic Search and Hadoop) of IBM Financial Crimes Insight for Claims Fraud
Summary There is a vulnerability in the Apache Log4j open source library used by IBM Financial Crimes Insight for Claims Fraud for generating logs in some of its components. This bulletin provides mitigations for the Log4Shell vulnerability CVE-2021-44228 by applying the applicable workaround ste...
Rapid7 Insight Agent Elevation of Privilege Vulnerability
Rapid7 Insight Agent is lightweight software from Rapid7, Inc. An elevation of privilege vulnerability exists in Rapid7 Insight Agent, which stems from an uncontrolled DLL search path. A malicious attacker can exploit this vulnerability to elevate to SYSTEM privileges using Insight Agent's...
CVE-2021-4007
Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent versions 3.0.1 to 3.1.2.34 start, the Python interpreter attempts to load python3.dll at "C:\DLLs\python3.dll," which normally is...
Input validation
Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent versions 3.0.1 to 3.1.2.34 start, the Python interpreter attempts to load python3.dll at "C:\DLLs\python3.dll," which normally is...
CVE-2021-4007 Rapid7 Insight Agent Privilege Escalation
Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent versions 3.0.1 to 3.1.2.34 start, the Python interpreter attempts to load python3.dll at "C:\DLLs\python3.dll," which normally is...
CVE-2021-4007
CVE-2021-4007, Rapid7 Insight Agent privilege escalation: Affects Rapid7 Insight Agent runtimes 3.0.1 to 3.1.2.34. The root cause is an uncontrolled DLL search path where startup loads python3.dll from C:\DLLs, a writable location, allowing a local attacker to elevate to SYSTEM. Impact is local pr...
Rapid7 Insight Agent Code Issue Vulnerability
Rapid7 Insight Agent is lightweight software from Rapid7, Inc. An elevation of privilege vulnerability exists in Rapid7 Insight Agent, which stems from an uncontrolled DLL search path. A malicious attacker can exploit this vulnerability to elevate to SYSTEM privileges using Insight Agent's...