Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Insightvm Security Vulnerabilities

cve
cve

CVE-2017-5242

Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots.

7.7CVSS

7.5AI Score

0.001EPSS

2023-01-12 10:15 PM
19
cve
cve

CVE-2019-5615

Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passwords. Valid credentials are required to access these files and malicious users ...

6.5CVSS

6.7AI Score

0.001EPSS

2019-04-09 04:29 PM
56
cve
cve

CVE-2019-5641

Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user

5.3CVSS

5.1AI Score

0.001EPSS

2022-09-21 03:15 PM
19
4
cve
cve

CVE-2021-3844

Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user account's current session i...

5.7CVSS

6.1AI Score

0.002EPSS

2023-03-24 05:15 PM
26
cve
cve

CVE-2022-4261

Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. This failure could allow an attacker to provide a malicious update and alter the functionality of Rapid7 Nexpose. The attacker would need some pre-existing mechanism to provide a ...

6.5CVSS

6.3AI Score

0.001EPSS

2022-12-08 12:15 AM
35
cve
cve

CVE-2023-0681

Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site of the attacker’s choice using the ‘page’ parameter of the ‘data/console/redirect’ component of the application. This issue was resolved in the...

6.1CVSS

6.1AI Score

0.001EPSS

2023-03-20 08:15 PM
29
cve
cve

CVE-2024-6504

Rapid7 InsightVM Console versions below 6.6.260 suffer from a protection mechanism failure whereby an attacker with network access to the InsightVM Console can cause it to overload or crash by sending repeated invalid REST requests in a short timeframe, to the Console's port 443 causing the console...

5.3CVSS

4.8AI Score

0.0005EPSS

2024-07-18 10:15 AM
4