Lucene search
K

194 matches found

CVE
CVE
added 2023/02/01 9:52 p.m.59 views

CVE-2022-3913

CVE-2022-3913 affects Rapid7 Nexpose and InsightVM, versions 6.6.82–6.6.177, due to failure to validate the update server’s TLS certificate when downloading updates. This could allow a network‑adjacent attacker with some access along the path to supply their own HTTPS endpoint or intercept traffi...

5.3CVSS5.1AI score0.00295EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/02/01 12:0 a.m.6 views

Rapid7 Nexpose 信任管理问题漏洞

Rapid7 Nexpose is a set of vulnerability management software from Rapid7, Inc. that can utilize scanning results to deeply probe the network. The software supports scanning of configuration environments for errors, vulnerabilities, malware, and more. A security vulnerability exists in Rapid7...

5.3CVSS6.1AI score0.00295EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/02/01 12:0 a.m.9 views

PT-2023-13700 · Rapid7 · Insightvm +1

Name of the Vulnerable Software and Affected Versions: Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 Description: The issue arises from the failure to validate the certificate of the update server when downloading updates. This could allow an attacker in a privileged position on th...

6.5CVSS5.5AI score0.00308EPSS
Exploits1References6
Rapid7 Blog
Rapid7 Blog
added 2023/01/19 7:4 p.m.49 views

Exploitation of Control Web Panel CVE-2022-44877

On January 3, 2023, security researcher Numan Türle published a proof-of-concept exploit for CVE-2022-44877, an unauthenticated remote code execution vulnerability in Control Web Panel CWP, formerly known as CentOS Web Panel that had been fixed in an October 2022 release of CWP. The vulnerability...

2.8AI score0.99995EPSS
Exploits12
NVD
NVD
added 2023/01/12 10:15 p.m.12 views

CVE-2017-5242

Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots...

7.7CVSS7.6AI score0.00376EPSS
Exploits0References1
OSV
OSV
added 2023/01/12 10:15 p.m.5 views

CVE-2017-5242

Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots...

7.7CVSS5.8AI score0.00376EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/01/12 12:0 a.m.5 views

CVE-2017-5242 Rapid7 Nexpose Virtual Appliance Duplicate SSH Host Key

Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots...

7.2AI score0.00376EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/01/12 12:0 a.m.6 views

PT-2023-10639 · Rapid7 · Nexpose +1

Name of the Vulnerable Software and Affected Versions: Nexpose virtual appliances versions downloaded between April 5th, 2017 and May 3rd, 2017 InsightVM virtual appliances versions downloaded between April 5th, 2017 and May 3rd, 2017 Description: The issue concerns Nexpose and InsightVM virtual...

7.7CVSS7.2AI score0.00376EPSS
Exploits0References4
CVE
CVE
added 2023/01/12 12:0 a.m.41 views

CVE-2017-5242

CVE-2017-5242 affects Nexpose and InsightVM virtual appliances downloaded between 2017-04-05 and 2017-05-03, which contain identical SSH host keys due to keys not being regenerated at first boot. This creates a risk that a privileged attacker could impersonate another vulnerable appliance or decr...

7.7CVSS7.6AI score0.00376EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/01/12 12:0 a.m.12 views

CVE-2017-5242 Rapid7 Nexpose Virtual Appliance Duplicate SSH Host Key

Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots...

7.6AI score0.00376EPSS
Exploits0References1
Rapid7 Blog
Rapid7 Blog
added 2022/12/21 5:35 p.m.81 views

CVE-2022-41080, CVE-2022-41082: Rapid7 Observed Exploitation of `OWASSRF` in Exchange for RCE

Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. Beginning December 20, 2022, Rapid7 has responded to an increase in the number of Microsoft Exchange server compromises. Further investigation aligned these attacks to what CrowdStrike...

1.2AI score0.99964EPSS
Exploits11
Rapid7 Blog
Rapid7 Blog
added 2022/12/13 11:19 p.m.68 views

CVE-2022-27518: Critical Fix Released for Exploited Citrix ADC, Gateway Vulnerability

Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. On Tuesday, December 13, 2022, Citrix published Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518 announcing fixes for a critical unauthenticated remote code execution...

1.1AI score0.06931EPSS
Exploits1
NVD
NVD
added 2022/12/08 12:15 a.m.20 views

CVE-2022-4261

Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. This failure could allow an attacker to provide a malicious update and alter the functionality of Rapid7 Nexpose. The attacker would need some pre-existing mechanism to provide ...

6.5CVSS0.00308EPSS
Exploits1References3
OSV
OSV
added 2022/12/08 12:15 a.m.4 views

CVE-2022-4261

Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. This failure could allow an attacker to provide a malicious update and alter the functionality of Rapid7 Nexpose. The attacker would need some pre-existing mechanism to provide ...

6.5CVSS5.8AI score0.00308EPSS
Exploits1References3
Prion
Prion
added 2022/12/08 12:15 a.m.20 views

Design/Logic Flaw

Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. This failure could allow an attacker to provide a malicious update and alter the functionality of Rapid7 Nexpose. The attacker would need some pre-existing mechanism to provide ...

4CVSS6.3AI score0.00308EPSS
Exploits1References3Affected Software2
Rapid7 Blog
Rapid7 Blog
added 2022/12/07 7:8 p.m.45 views

CVE-2022-4261: Rapid7 Nexpose Update Validation Issue (FIXED)

On November 14, 2022, Rapid7's product engineering team discovered that the mechanism in Nexpose and InsightVM used to validate the source of an update file was unreliable. This failure, which involved the internal cryptographic validation of received updates, was designated as CVE-2022-4261, and...

0.5AI score0.00308EPSS
Exploits1
Cvelist
Cvelist
added 2022/12/07 12:0 a.m.28 views

CVE-2022-4261 Rapid7 Nexpose Update Validation Issue

Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. This failure could allow an attacker to provide a malicious update and alter the functionality of Rapid7 Nexpose. The attacker would need some pre-existing mechanism to provide ...

4.4CVSS6.5AI score0.00308EPSS
Exploits1References3
CVE
CVE
added 2022/12/07 12:0 a.m.66 views

CVE-2022-4261

Rapid7 Nexpose and InsightVM before 6.6.178 are affected by a certificate validation issue in the update process. The vulnerability arises from failing to validate the update server’s certificate when downloading updates, potentially enabling an attacker with network access (including through a c...

6.5CVSS5.3AI score0.00308EPSS
Exploits1References3Affected Software2
Rapid7 Blog
Rapid7 Blog
added 2022/11/15 3:37 p.m.176 views

CVE-2022-27510: Critical Citrix ADC and Gateway Remote Authentication Bypass Vulnerabilities

On November 8, 2022, Citrix published Citrix Gateway and Citrix ADC Security Bulletin for CVE-2022-27510 CVE-2022-27513 and CVE-2022-27516 announcing fixes for three vulnerabilities: CVE-2022-27510 “Unauthorized access to Gateway user capabilities” CVE-2022-27513 “Remote desktop takeover via...

1.9AI score0.01231EPSS
Exploits1
Rapid7 Blog
Rapid7 Blog
added 2022/11/04 1:0 p.m.240 views

Rapid7’s Impact from Apache Commons Text Vulnerability (CVE-2022-42889)

As stated in our Apache Commons Text blog post, CVE-2022-42889 is a vulnerability in the popular Apache Commons Text library that can result in code execution when processing malicious input, and affects versions 1.5 through 1.9. This vulnerability has been patched as of Commons Text version 1.10...

1AI score0.99931EPSS
Exploits41
Rows per page
Query Builder