Lucene search
+L
Rapid7Insightvm

8 matches found

cve
cve
added 2019/04/09 3:27 p.m.80 views

CVE-2019-5615

CVE-2019-5615 concerns a stored-credential exposure in Rapid7 InsightVM (versions 6.5.11–6.5.49). The issue allows users with Site-level permissions to access files containing username-encrypted passwords for Security Console Global Administrators, along with clear-text passwords for restoring ba...

6.5CVSS5.4AI score0.00802EPSS
cve
cve
added 2024/04/02 9:51 a.m.69 views

CVE-2024-2745

Affected product : Rapid7 InsightVM maintenance mode login page. Vulnerability : sensitive information exposure via URL query strings when a login attempt occurs before the page is fully loaded. Impact : potential exposure of passwords, authentication tokens, usernames, and other sensitive data. ...

3.3CVSS3.6AI score0.00181EPSS
cve
cve
added 2022/12/07 12:0 a.m.68 views

CVE-2022-4261

Rapid7 Nexpose and InsightVM before 6.6.178 are affected by a certificate validation issue in the update process. The vulnerability arises from failing to validate the update server’s certificate when downloading updates, potentially enabling an attacker with network access (including through a c...

6.5CVSS5.3AI score0.00308EPSS
cve
cve
added 2023/03/20 5:26 p.m.62 views

CVE-2023-0681

CVE-2023-0681 affects Rapid7 InsightVM, version 6.6.178 and earlier. The vulnerability is an open redirect in the data/console/redirect component, exploitable via the page parameter to redirect users to a site chosen by an attacker. The issue is mitigated by upgrading to version 6.6.179 (February...

6.1CVSS5.1AI score0.00329EPSS
Web
cve
cve
added 2023/03/24 4:37 p.m.61 views

CVE-2021-3844

Rapid7 InsightVM is affected by an insufficient session expiration flaw when an administrator performs a security-related edit on an existing, logged-in user. The issue can allow the attacker who originally captured the credentials to remain logged in after the password or related edit, potential...

5.7CVSS6.7AI score0.0036EPSS
cve
cve
added 2023/01/12 12:0 a.m.42 views

CVE-2017-5242

CVE-2017-5242 affects Nexpose and InsightVM virtual appliances downloaded between 2017-04-05 and 2017-05-03, which contain identical SSH host keys due to keys not being regenerated at first boot. This creates a risk that a privileged attacker could impersonate another vulnerable appliance or decr...

7.7CVSS7.6AI score0.00376EPSS
cve
cve
added 2022/09/21 2:45 p.m.39 views

CVE-2019-5641

Rapid7 InsightVM contains an information exposure vulnerability related to logout/session timeout handling. When a user’s session ends due to inactivity, an attacker can use the browser’s Inspect Element to remove the login panel and view details from the last webpage visited by the previous user...

5.3CVSS4.5AI score0.00323EPSS
cve
cve
added 2024/07/18 9:32 a.m.28 views

CVE-2024-6504

Rapid7 InsightVM Console exposure (CVE-2024-6504) affects versions prior to 6.6.261. The root cause is a protection mechanism failure that allows an attacker with network access to the Console to overload or crash it by sending repeated invalid REST requests to port 443, triggering an exception h...

5.3CVSS4.8AI score0.00316EPSS