9 matches found
EUVD-2021-27087
Malware in sbrugna...
CVE-2021-3844
Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user account's current session...
CVE-2019-5638
creationtimestamp| type| source ---|---|--- 2023-03-24 19:42:29+00:00| seen| https://t.me/cibsecurity/60651 2023-03-28 07:42:31+00:00| seen| https://t.me/VulnerabilityNews/32377...
CVE-2021-3844
Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user account's current session...
Design/Logic Flaw
Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user account's current session...
CVE-2021-3844
Rapid7 InsightVM is affected by an insufficient session expiration flaw when an administrator performs a security-related edit on an existing, logged-in user. The issue can allow the attacker who originally captured the credentials to remain logged in after the password or related edit, potential...
CVE-2019-5638
Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user...
CVE-2019-5638 Rapid7 Nexpose Insufficient Session Management
Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user...
CVE-2019-5638
Summary: CVE-2019-5638 relates to Rapid7 Nexpose/InsightVM where an administrator’s security edits (e.g., password changes) do not terminate existing sessions, allowing a previously compromised user to remain logged in. Affected versions (per sources): Nexpose 6.5.50 and prior; InsightVM/Nexpose ...