Lucene search
K

194 matches found

Rapid7 Blog
Rapid7 Blog
added 2022/10/27 3:22 p.m.155 views

CVE-2021-39144: VMware Cloud Foundation Unauthenticated Remote Code Execution

On October 25, 2022, VMware published VMSA-2022-0027 on two vulnerabilities in its Cloud Foundation NSX-V solution. By far the more severe of these is CVE-2021-39144, an unauthenticated remote code execution vulnerability with a CVSSv3 score of 9.8. The vulnerability arises from a deserialization...

6CVSS2.2AI score0.98124EPSS
Exploits6
Rapid7 Blog
Rapid7 Blog
added 2022/09/28 2:11 p.m.175 views

What’s New in InsightVM and Nexpose: Q3 2022 in Review

Another quarter comes to a close! While we definitely had our share of summer fun, our team continued to invest in the product, releasing features and updates like recurring coverage for enterprise technologies, performance enhancements, and more. Let’s take a look at some of the key releases in...

10CVSS9.9AI score0.99999EPSS
Exploits189
Rapid7 Blog
Rapid7 Blog
added 2022/09/22 2:53 p.m.19 views

One Year After IntSights Acquisition, Threat Intel’s Value Is Clear

Rapid7 Strengthens Market Position With 360-Degree XDR and Best-in-Class Threat Intelligence Offerings Time flies… and provides opportunities to establish proof points. After recently passing the one-year milestone of Rapid7’s acquisition of IntSights, the added value threat intelligence brings t...

0.5AI score
Exploits0
OSV
OSV
added 2022/09/21 3:15 p.m.4 views

CVE-2019-5641

Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user...

5.3CVSS5.8AI score0.00323EPSS
Exploits0References1
NVD
NVD
added 2022/09/21 3:15 p.m.17 views

CVE-2019-5641

Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user...

5.3CVSS0.00323EPSS
Exploits0References1
Prion
Prion
added 2022/09/21 3:15 p.m.23 views

Design/Logic Flaw

Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user...

5CVSS5.1AI score0.00323EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/09/21 2:45 p.m.38 views

CVE-2019-5641

Rapid7 InsightVM contains an information exposure vulnerability related to logout/session timeout handling. When a user’s session ends due to inactivity, an attacker can use the browser’s Inspect Element to remove the login panel and view details from the last webpage visited by the previous user...

5.3CVSS4.5AI score0.00323EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/21 2:45 p.m.4 views

CVE-2019-5641 Rapid7 InsightVM Information Disclosure after Logout

Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user...

3.3CVSS5.2AI score0.00323EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/09/21 2:45 p.m.17 views

CVE-2019-5641 Rapid7 InsightVM Information Disclosure after Logout

Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user...

3.3CVSS5.2AI score0.00323EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/09/21 12:0 a.m.2 views

Rapid7 InsightVM 代码问题漏洞

Rapid7 InsightVM is a vulnerability scanning and management application from Rapid7 USA. A security vulnerability exists in Rapid7 InsightVM that stems from the presence of an information disclosure issue that allows an attacker to use the Inspect Element browser feature to delete the login panel...

5.3CVSS5.8AI score0.00323EPSS
Exploits0References2
Rapid7 Blog
Rapid7 Blog
added 2022/09/20 3:14 p.m.1232 views

CVE-2022-36804: Easily Exploitable Vulnerability in Atlassian Bitbucket Server and Data Center

On August 24, 2022, Atlassian published an advisory for Bitbucket Server and Data Center alerting users to CVE-2022-36804. The advisory reveals a command injection vulnerability in multiple API endpoints, which allows an attacker with access to a public repository or with read permissions to a...

10CVSS0.8AI score0.99077EPSS
Exploits25
Rapid7 Blog
Rapid7 Blog
added 2022/09/06 3:48 p.m.21 views

5 Steps for Dealing With Unknown Environments in InsightVM

Trying to deal with a large network can be difficult. All too often, engineers and admins don't know the full scope of their environment and have trouble defining the actual subnets and the systems that exist on those subnets. They know of a couple /24 subnets here or there, but it's very possibl...

7.3AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2022/07/07 7:9 p.m.70 views

Exploitation of Mitel MiVoice Connect SA CVE-2022-29499

In April 2022, telecommunications company Mitel published a security advisory on CVE-2022-29499, a data validation vulnerability in the Service Appliance component of MiVoice Connect, a business communications product. The vulnerability, which was unpatched at time of publication, arose from...

10CVSS1.6AI score0.56967EPSS
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2022/05/31 3:15 p.m.186 views

CVE-2022-30190: "Follina" Microsoft Support Diagnostic Tool Vulnerability

On May 30, 2022, Microsoft Security Response Center MSRC published a blog on CVE-2022-30190, an unpatched vulnerability in the Microsoft Support Diagnostic Tool msdt in Windows. Microsoft’s advisory on CVE-2022-30190 indicates that exploitation has been detected in the wild. According to Microsof...

9.3CVSS1.1AI score0.99374EPSS
Exploits62
Rapid7 Blog
Rapid7 Blog
added 2022/05/16 2:0 p.m.18 views

Maximize Your VM Investment: Fix Vulnerabilities Faster With Automox + Rapid7

The Rapid7 InsightConnect Extension library is getting bigger! We’ve teamed up with IT operations platform, Automox, to release a new plugin and technology alliance that closes the aperture of attack for vulnerability findings and automates remediation. Using the Automox Plugin for Rapid7...

1.5AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2022/05/09 5:57 p.m.363 views

Active Exploitation of F5 BIG-IP iControl REST CVE-2022-1388

On May 4, 2022, F5 released an advisory listing several vulnerabilities, including CVE-2022-1388, a critical authentication bypass that leads to remote code execution in iControl REST with a CVSSv3 base score of 9.8. The vulnerability affects several different versions of BIG-IP prior to 17.0.0,...

10CVSS0.8AI score0.99999EPSS
Exploits310
Rapid7 Blog
Rapid7 Blog
added 2022/04/19 5:52 p.m.224 views

What's New in InsightVM and Nexpose: Q1 2022 in Review

The world of cybersecurity never has a dull moment. While we are still recovering from the aftermath of Log4Shell, the recent ContiLeaks exposed multiple vulnerabilities that have been exploited by the Conti ransomware group. It’s critical for your team to identify the risk posed by such...

9.3CVSS0.2AI score0.99999EPSS
Exploits351
Rapid7 Blog
Rapid7 Blog
added 2022/03/30 10:33 p.m.339 views

Spring4Shell: Zero-Day Vulnerability in Spring Framework (CVE-2022-22965)

Rapid7 has completed remediating the instances of Spring4Shell CVE-2022-22965 and Spring Cloud CVE-2022-22963 vulnerabilities that we found on our internet-facing services and systems. For further information and updates about our internal response to Spring4Shell, please see our post here. If yo...

9.3CVSS9.9AI score0.99999EPSS
Exploits481
Rapid7 Blog
Rapid7 Blog
added 2022/03/15 3:56 p.m.97 views

InsightVM Scanning: Demystifying SSH Credential Elevation

Written in collaboration with Jimmy Cancilla The credentials to log into the assets on the network are one of the most critical inputs that can be provided to a vulnerability assessment. In order to capture and report on the full risk of an asset, the scan engine must be able to access the asset ...

1.7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2022/02/18 2:20 p.m.104 views

What's New in InsightVM and Nexpose: Q4 2021 in Review

Greetings, fellow security professionals. As we enter into the new year, we wanted to provide a recap of product releases and features on the vulnerability management VM front for Q4 2021. Let's start by talking about the elephant in the room. The end of last year was dominated by Log4Shell, the...

10CVSS0.99999EPSS
Exploits371
Rows per page
Query Builder