Nexpose@* Security Vulnerabilities and Issues — Nexpose@* CVE List

Lucene search

Rapid7Nexpose*

4 matches found

CVE•added 2017/12/14 9:29 p.m.•50 views

CVE-2017-5264

Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack.

8.8CVSS8.8AI score0.00335EPSS

CVE•added 2017/06/06 4:29 p.m.•43 views

CVE-2017-5243

The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the installat...

8.5CVSS8.3AI score0.0018EPSS

CVE•added 2017/03/02 8:59 p.m.•37 views

CVE-2017-5232

All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.

7.8CVSS7.5AI score0.00217EPSS

CVE•added 2017/03/02 8:59 p.m.•36 views

CVE-2017-5230

The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides storage for saved scan credentials in an otherwise secure location on disk.

7.2CVSS7AI score0.00444EPSS