2 matches found
CVE-2020-7381 Code Injection in Rapid7 Nexpose Installer
In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during a Securit...
CVE-2020-7381
The CVE-2020-7381 issue affects Rapid7 Nexpose installer versions before 6.6.40, where the installer executes a binary that can be replaced by an attacker with local access. This could cause the installer to treat a malicious executable with the same name as legitimate during Security Console ins...