
25 matches found

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2024-34105

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 6.6 · EPSS 0.00317
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2024-48899

Malicious code in bioql PyPI...

CVSS 3.1 · AI score 6.6 · EPSS 0.00177
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 8:25 a.m. · 8 views

CVE-2024-8042

Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect...

CVSS 3.1 · AI score 6.7 · EPSS 0.00177
Exploits: 0 · References: 1

NVD
added 2024/12/11 10:15 a.m. · 25 views

CVE-2024-11401

Rapid7 Insight Platform versions prior to November 13th 2024, suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the password policy in the platform settings as a standard user by crafting an API the functionality w...

CVSS 5.3 · EPSS 0.00317
Exploits: 0 · References: 1

Vulnrichment
added 2024/12/11 9:46 a.m. · 12 views

CVE-2024-11401 Rapid7 Insight Platform Privilege Escalation Vulnerability

Rapid7 Insight Platform versions prior to November 13th 2024, suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the password policy in the platform settings as a standard user by crafting an API the functionality w...

CVSS 5.3 · AI score 7.2 · EPSS 0.00317
Exploits: 0 · References: 1

CVE
added 2024/12/11 9:46 a.m. · 72 views

CVE-2024-11401

Rapid7 Insight Platform shows a privilege escalation vulnerability in versions prior to 2024-11-13, where a standard user can update the password policy via the platform API due to missing authorization checks (not possible through the UI). The issue is documented as fixed as of 2024-11-13. Appli...

CVSS 5.3 · AI score 7.3 · EPSS 0.00317
Exploits: 0 · References: 1

Cvelist
added 2024/12/11 9:46 a.m. · 15 views

CVE-2024-11401 Rapid7 Insight Platform Privilege Escalation Vulnerability

Rapid7 Insight Platform versions prior to November 13th 2024, suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the password policy in the platform settings as a standard user by crafting an API the functionality w...

CVSS 5.3 · EPSS 0.00317
Exploits: 0 · References: 1

CNNVD
added 2024/12/11 12:00 a.m. · 1 view

Rapid7 Insight Platform Security Vulnerability

Rapid7 Insight Platform is a platform for managing profiles, users, products, API keys and settings from Rapid7 USA. Rapid7 Insight Platform has a security vulnerability that stems from a lack of authorization checks. An attacker can exploit the vulnerability to elevate privileges...

CVSS 5.3 · AI score 6.8 · EPSS 0.00317
Exploits: 0 · References: 1

OSV
added 2024/09/09 3:15 p.m. · 3 views

CVE-2024-8042

Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect...

CVSS 3.1 · AI score 5.8
Exploits: 0 · References: 1

NVD
added 2024/09/09 3:15 p.m. · 14 views

CVE-2024-8042

Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect...

CVSS 3.1 · EPSS 0.00177
Exploits: 0 · References: 1

Cvelist
added 2024/09/09 3:02 p.m. · 18 views

CVE-2024-8042 Rapid7 Insight Platform Unauthorized Empty Group Creation

Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect...

CVSS 2.4 · EPSS 0.00177
Exploits: 0 · References: 1

CVE
added 2024/09/09 3:02 p.m. · 46 views

CVE-2024-8042

CVE-2024-8042 affects Rapid7 Insight Platform versions from November 2019 through August 14, 2024, due to missing authorization that enables an attacker to intercept local requests to set the name and description of a new user group. This could lead to an empty user group being created for the in...

CVSS 3.1 · AI score 3.6 · EPSS 0.00177
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2024/09/09 12:00 a.m. · 4 views

Rapid7 Insight Platform Security Vulnerability

Rapid7 Insight Platform is a platform for managing profiles, users, products, API keys, and settings from Rapid7 USA. A security vulnerability exists in Rapid7 Insight Platform that stems from the inclusion of an authorization missing issue that allows an attacker to intercept local requests to s...

CVSS 3.1 · AI score 6.4 · EPSS 0.00177
Exploits: 0 · References: 2

Positive Technologies
added 2024/09/09 12:00 a.m. · 3 views

PT-2024-38768 · Rapid7 · Rapid7 Insight Platform

Name of the Vulnerable Software and Affected Versions: Rapid7 Insight Platform versions between November 2019 and August 14, 2024 Description: The issue is related to missing authorization in the Rapid7 Insight Platform, allowing an attacker to intercept local requests and potentially add an empt...

CVSS 3.1 · AI score 6.9 · EPSS 0.00177
Exploits: 0 · References: 8

Rapid7 Blog
added 2024/07/08 8:00 p.m. · 10 views

Rapid7 completes IRAP PROTECTED assessment for Insight Platform solutions

Exciting news from Australia! Rapid7 has successfully completed an Information Security Registered Assessors Program IRAP assessment to PROTECTED Level for several of our Insight Platform solutions. What is IRAP? An IRAP assessment is an independent assessment of the implementation,...

AI score 7
Exploits: 0

Rapid7 Blog
added 2023/12/21 6:47 p.m. · 20 views

What’s New in Rapid7 Products & Services: 2023 Year in Review

Throughout 2023 Rapid7 has made investments across the Insight Platform to further our mission of providing security teams with the tools to proactively anticipate imminent risk, prevent breaches earlier, and respond faster to threats. In this blog you'll find a review of our top releases from th...

AI score 7.3
Exploits: 0

Rapid7 Blog
added 2023/11/29 3:46 p.m. · 8 views

Rapid7 Takes Next Step in AI Innovation with New AI-Powered Threat Detections

Digital transformation has created immense opportunity to generate new revenue streams, better engage with customers and drive operational efficiency. A decades-long transition to cloud as the de-facto delivery model of choice has delivered undeniable value to the business landscape. But any chan...

AI score 7.1
Exploits: 0

Rapid7 Blog
added 2023/01/24 3:00 p.m. · 26 views

Rapid7 Now Available Through Carahsoft’s NASPO ValuePoint

We are happy to announce that Rapid7’s solutions have been added to the NASPO ValuePoint Cloud Solutions contract held by Carahsoft Technology Corp. The addition of this contract enables Carahsoft and its reseller partners to provide Rapid7’s Insight platform to participating States, Local...

AI score 7.3
Exploits: 0

Rapid7 Blog
added 2022/04/21 3:18 p.m. · 23 views

Rapid7 Named a Visionary in 2022 Magic Quadrant™ for Application Security Testing Second Year in a Row

For the second year in a row, Rapid7 has been named a Visionary in the Gartner® 2022 Magic Quadrant for Application Security Testing. We believe we accomplished this by combining an industry-leading dynamic application security testing DAST solution with container and cloud security, security...

Exploits: 0

ThreatPost
added 2021/10/20 12:56 p.m. · 6 views

Employees Make Best Frontline Phishing Defense

The cybersecurity good news and bad news about phishing attacks is employees can be an enterprise’s weakest link or strongest first line of defense. Yes, we are talking about inboxes, human nature and the increasingly sophisticated number of phishing attacks. The Federal Bureau of Investigation...

AI score 7.1
Exploits: 0 · References: 2