Lucene search
K

194 matches found

Cvelist
Cvelist
added 2024/04/02 9:51 a.m.18 views

CVE-2024-2745 Rapid7 InsightVM Sensitive Information Exposure via URL

Rapid7's InsightVM maintenance mode login page suffers from a sensitive information exposure vulnerability whereby, sensitive information is exposed through query strings in the URL when login is attempted before the page is fully loaded. This vulnerability allows attackers to acquire sensitive...

3.3CVSS4AI score0.00181EPSS
Exploits0References1
CVE
CVE
added 2024/04/02 9:51 a.m.66 views

CVE-2024-2745

Affected product : Rapid7 InsightVM maintenance mode login page. Vulnerability : sensitive information exposure via URL query strings when a login attempt occurs before the page is fully loaded. Impact : potential exposure of passwords, authentication tokens, usernames, and other sensitive data. ...

3.3CVSS3.6AI score0.00181EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/02 9:51 a.m.17 views

CVE-2024-2745 Rapid7 InsightVM Sensitive Information Exposure via URL

Rapid7's InsightVM maintenance mode login page suffers from a sensitive information exposure vulnerability whereby, sensitive information is exposed through query strings in the URL when login is attempted before the page is fully loaded. This vulnerability allows attackers to acquire sensitive...

3.3CVSS6.4AI score0.00181EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/02 12:0 a.m.4 views

Rapid7 InsightVM 安全漏洞

Rapid7 InsightVM is a vulnerability scanning and management application from Rapid7 USA. A security vulnerability exists in Rapid7 InsightVM versions prior to 6.6.244. The vulnerability stems from a sensitive information exposure vulnerability on the login page in maintenance mode, whereby when...

3.3CVSS6.6AI score0.00181EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/02 12:0 a.m.5 views

PT-2024-21905 · Rapid7 · Rapid7 Insightvm

Name of the Vulnerable Software and Affected Versions: Rapid7 InsightVM versions prior to 6.6.244 Description: The maintenance mode login page of Rapid7 InsightVM suffers from a sensitive information exposure issue, where sensitive information such as passwords, auth tokens, and usernames are...

3.3CVSS6.8AI score0.00181EPSS
Exploits0References6
Rapid7 Blog
Rapid7 Blog
added 2024/02/20 8:3 p.m.57 views

High-Risk Vulnerabilities in ConnectWise ScreenConnect

On February 19, 2024 ConnectWise disclosed two vulnerabilities in their ScreenConnect remote access software. Both vulnerabilities affect ScreenConnect 23.9.7 and earlier. Neither vulnerability had a CVE assigned at time of disclosure, but as of February 21, CVEs have been assigned to both issues...

7.5CVSS9.7AI score0.99959EPSS
Exploits9
Rapid7 Blog
Rapid7 Blog
added 2024/02/20 5:3 p.m.53 views

Explanation of New Authenticated Scanning PCI DSS Requirement 11.3.1.2 in PCI DSS V4.0 and how InsightVM can help meet the Requirement

By: Dominick Vitolo, VP of Security Services, MegaplanIT As a Certified Qualified Security Assessor QSA company and a trusted Rapid7 partner, MegaplanIT is committed to guiding organizations through the complexities of compliance and security standards. PCI DSS version 4.0 is a significant update...

7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2024/02/12 1:23 p.m.140 views

Critical Fortinet FortiOS CVE-2024-21762 Exploited

On February 8, 2024 Fortinet disclosed multiple critical vulnerabilities affecting FortiOS, the operating system that runs on Fortigate SSL VPNs. The critical vulnerabilities include CVE-2024-21762, an out-of-bounds write vulnerability in SSLVPNd that could allow remote unauthenticated attackers ...

7.5CVSS8.6AI score0.99474EPSS
Exploits29
Rapid7 Blog
Rapid7 Blog
added 2024/01/23 6:42 p.m.85 views

CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT

On January 22, 2024, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1. The vulnerability is remotely exploitable and allows an unauthorized user to create an admin user...

7.5CVSS7.6AI score0.99999EPSS
Exploits20
Rapid7 Blog
Rapid7 Blog
added 2023/12/04 6:19 p.m.9 views

Method to an Old Consultant's Madness with Site Design

If it's your first time purchasing and setting up InsightVM – or if you are a seasoned veteran – I highly recommend a ‘less is more’ strategy with site design. After many thousands of health checks performed by security consultants for InsightVM customers, the biggest challenge most consultants...

6.8AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/11/27 5:0 p.m.11 views

Building our Team in Prague: Meet Martin Votruba

From developing driver-assistance software for a luxury car brand to jumping on board an NFT startup, Martin Votruba, Lead Software Engineer, is not one to shy away from a challenge. In September of 2023, joined Rapid7 as the first hire in its new Prague office. Martin is leveraging Rapid7’s...

7.2AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/11/16 6:26 p.m.4 views

Manage Enterprise Risk at Scale with a Unified, Holistic Approach

The rapid pace of technological change and the attendant rise of cyber threats in both speed and number leave most organizations at a disadvantage. Historically, many firms faced this challenge simply by purchasing more technology in the hopes that the latest threat protection software would keep...

6.8AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/11/08 2:0 p.m.20 views

Setup of Discovery Connection Azure

By: fuzzy borders Are you having trouble trying to get your Azure assets into your InsightVM security console? In this blog post, we wanted to bring additional insight into leveraging the Azure Discovery Connection with InsightVM. This blog post is brought to you by the Fuzzy Borders project, who...

6.9AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/09/25 7:6 p.m.144 views

Introducing Active Risk

Cyber risk is increasing both in volume and velocity. Given the landscape of threats, weaknesses, vulnerabilities, and misconfigurations, organizations, teams and vulnerability analysts alike need of better prioritization mechanisms. That's why we developed a new risk scoring methodology: Active...

6.8AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/08/22 1:0 p.m.17 views

Rapid7 Takes 2023 SC Awards for Vulnerability Management and Threat Detection

The highly respected SC Awards program, hosted by SC Media, recognizes the solutions, organizations, and people driving innovation and success in information security. Now in its 26th year, the SC Awards continue to grow and evolve. Rapid7 is proud to announce we have received not one, but two...

6.7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/05/31 2:11 p.m.61 views

Widespread Exploitation of Zyxel Network Devices

Rapid7 is tracking reports of ongoing exploitation of CVE-2023-28771, a critical unauthenticated command injection vulnerability affecting multiple Zyxel networking devices. The vulnerability is present in the default configuration of vulnerable devices and is exploitable in the Wide Area Network...

7.5CVSS10.4AI score0.99284EPSS
Exploits8
Rapid7 Blog
Rapid7 Blog
added 2023/05/17 6:35 p.m.61 views

CVE-2023-27350: Ongoing Exploitation of PaperCut Remote Code Execution Vulnerability

CVE-2023-27350 is an unauthenticated remote code execution vulnerability in PaperCut MF/NG print management software that allows attackers to bypass authentication and execute arbitrary code as SYSTEM on vulnerable targets. A patch is available for this vulnerability and should be applied on an...

7.5CVSS10.3AI score0.99999EPSS
Exploits24
Rapid7 Blog
Rapid7 Blog
added 2023/04/26 4:54 p.m.290 views

Using Rapid7 Insight Agent and InsightVM Scan Assistant in Tandem

Background Rapid7 Insight Agent and InsightVM Scan Assistant are executables that can be deployed to assist in understanding the vulnerabilities in your environment. Frequently there are questions around when and where you would deploy each, if you need both, what they actually monitor, etc. This...

6.7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/04/05 4:9 p.m.315 views

Using InsightVM Remediation Projects To Ensure Accountability

One benefit of InsightVM reporting is that it enables security teams to build accountability into remediation projects. There are a number of ways this can be accomplished and the approach you take will be dictated by your organization’s specific structure and needs. In this blog, we’ll look at t...

6.9AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/03/31 3:44 p.m.64 views

What’s New in InsightVM and Nexpose: Q1 2023 in Review

In Q1, our team continued to focus on driving better customer outcomes with InsightVM and Nexpose by further improving efficiency and performance. While many of these updates are under the hood, you may have started to notice faster vulnerability checks available for the recent ETRs or an upgrade...

5.8CVSS9.5AI score0.99999EPSS
Exploits58
Rows per page
Query Builder