Nexpose Security Vulnerabilities - 2020


CVE-2012-6494

Rapid7 Nexpose before 5.5.4 contains a session hijacking vulnerability which allows remote attackers to capture a user's session and gain unauthorized access.

6.1 CVSS

6.3 AI Score

0.001 EPSS

2020-01-25 07:15 PM

CVE-2020-7381

In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during a Security ...

7.8 CVSS

7.5 AI Score

0.001 EPSS

2020-09-03 02:15 PM

CVE-2020-7382

Rapid7 Nexpose installer versions prior to 6.6.40 contain an Unquoted Search Path which may allow an attacker on the local machine to insert an arbitrary file into the executable path. This issue affects: Rapid7 Nexpose versions prior to 6.6.40.

6.8 CVSS

6.3 AI Score

0.0004 EPSS

2020-09-03 02:15 PM

CVE-2020-7383

A SQL injection issue in Rapid7 Nexpose versions prior to 6.6.49 may have allowed an authenticated user with a low permission level to access resources and make changes they should not have been able to access.

8.1 CVSS

8.3 AI Score

0.001 EPSS

2020-10-14 08:15 PM