
4 matches found

rapid7community
added 2017/08/09 8:47 p.m. | 175 views

Multiple Vulnerabilities Affecting Four Rapid7 Products

Today, we'd like to announce eight vulnerabilities that affect four Rapid7 products, as described in the table below. While all of these issues are relatively low severity, we want to make sure that our customers have all the information they need to make informed security decisions regarding the...

CVSS 6.8 | AI score 7.6 | EPSS 0.01476
Exploits: 0
Exploit DB
added 2017/03/24 12:0 a.m. | 35 views

Logsign 4.4.2/4.4.137 - Remote Command Injection (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Logsign Remote Command Injection', 'Description' = %q This module exploits an command injection vulnerability in Logsign. By exploiting this...

AI score 7
Exploits: 0
OSV
added 2017/03/02 8:59 p.m. | 8 views

CVE-2017-5230

The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides storage for saved scan credentials in an otherwise secure location on disk...

CVSS 7.2 | AI score 5.8 | EPSS 0.01476
Exploits: 0 | References: 3
CVE
added 2017/03/02 8:0 p.m. | 48 views

CVE-2017-5230

The CVE-2017-5230 issue affects Rapid7 Nexpose prior to version 6.4.50, where the Java keystore used for storing saved scan credentials is encrypted with a static, non-user-modifiable password: r@p1d7k3y5t0r3. If an attacker gains access to the keystore, they can decrypt all stored credentials u...

CVSS 7.2 | AI score 7 | EPSS 0.01476
Exploits: 0 | References: 3 | Affected Software: 1