Nexpose@* Security Vulnerabilities and Issues — Nexpose@* CVE List

Lucene search

Rapid7Nexpose*

4 matches found

CVE•added 2020/01/25 7:15 p.m.•94 views

CVE-2012-6494

Rapid7 Nexpose before 5.5.4 contains a session hijacking vulnerability which allows remote attackers to capture a user's session and gain unauthorized access.

6.1CVSS6.3AI score0.00533EPSS

CVE•added 2020/10/14 8:15 p.m.•49 views

CVE-2020-7383

A SQL Injection issue in Rapid7 Nexpose version prior to 6.6.49 that may have allowed an authenticated user with a low permission level to access resources & make changes they should not have been able to access.

8.1CVSS7.6AI score0.00356EPSS

CVE•added 2020/09/03 2:15 p.m.•38 views

CVE-2020-7382

Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local machine to insert an arbitrary file into the executable path. This issue affects: Rapid7 Nexpose versions prior to 6.6.40.

6.8CVSS6.4AI score0.00096EPSS

CVE•added 2020/09/03 2:15 p.m.•32 views

CVE-2020-7381

In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during a Security ...

7.8CVSS6.6AI score0.00371EPSS