8 matches found
CVE-2019-5615
CVE-2019-5615 concerns a stored-credential exposure in Rapid7 InsightVM (versions 6.5.11–6.5.49). The issue allows users with Site-level permissions to access files containing username-encrypted passwords for Security Console Global Administrators, along with clear-text passwords for restoring ba...
CVE-2024-2745
Affected product : Rapid7 InsightVM maintenance mode login page. Vulnerability : sensitive information exposure via URL query strings when a login attempt occurs before the page is fully loaded. Impact : potential exposure of passwords, authentication tokens, usernames, and other sensitive data. ...
CVE-2022-4261
Rapid7 Nexpose and InsightVM before 6.6.178 are affected by a certificate validation issue in the update process. The vulnerability arises from failing to validate the update server’s certificate when downloading updates, potentially enabling an attacker with network access (including through a c...
CVE-2023-0681
CVE-2023-0681 affects Rapid7 InsightVM, version 6.6.178 and earlier. The vulnerability is an open redirect in the data/console/redirect component, exploitable via the page parameter to redirect users to a site chosen by an attacker. The issue is mitigated by upgrading to version 6.6.179 (February...
CVE-2021-3844
Rapid7 InsightVM is affected by an insufficient session expiration flaw when an administrator performs a security-related edit on an existing, logged-in user. The issue can allow the attacker who originally captured the credentials to remain logged in after the password or related edit, potential...
CVE-2017-5242
CVE-2017-5242 affects Nexpose and InsightVM virtual appliances downloaded between 2017-04-05 and 2017-05-03, which contain identical SSH host keys due to keys not being regenerated at first boot. This creates a risk that a privileged attacker could impersonate another vulnerable appliance or decr...
CVE-2019-5641
Rapid7 InsightVM contains an information exposure vulnerability related to logout/session timeout handling. When a user’s session ends due to inactivity, an attacker can use the browser’s Inspect Element to remove the login panel and view details from the last webpage visited by the previous user...
CVE-2024-6504
Rapid7 InsightVM Console exposure (CVE-2024-6504) affects versions prior to 6.6.261. The root cause is a protection mechanism failure that allows an attacker with network access to the Console to overload or crash it by sending repeated invalid REST requests to port 443, triggering an exception h...