3 matches found
CVE-2022-4261: Rapid7 Nexpose Update Validation Issue (FIXED)
On November 14, 2022, Rapid7's product engineering team discovered that the mechanism in Nexpose and InsightVM used to validate the source of an update file was unreliable. This failure, which involved the internal cryptographic validation of received updates, was designated as CVE-2022-4261, and...
CVE-2022-4261
Rapid7 Nexpose and InsightVM before 6.6.178 are affected by a certificate validation issue in the update process. The vulnerability arises from failing to validate the update server’s certificate when downloading updates, potentially enabling an attacker with network access (including through a c...
CVE-2022-4261 Rapid7 Nexpose Update Validation Issue
Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. This failure could allow an attacker to provide a malicious update and alter the functionality of Rapid7 Nexpose. The attacker would need some pre-existing mechanism to provide ...