Vulnerabilities > Rapid7 > Insightvm
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-18 | CVE-2024-6504 | Unspecified vulnerability in Rapid7 Insightvm Rapid7 InsightVM Console versions below 6.6.260 suffer from a protection mechanism failure whereby an attacker with network access to the InsightVM Console can cause it to overload or crash by sending repeated invalid REST requests in a short timeframe, to the Console's port 443 causing the console to enter an exception handling logging loop, exhausting the CPU. | 5.3 |
2023-03-24 | CVE-2021-3844 | Insufficient Session Expiration vulnerability in Rapid7 Insightvm Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. | 5.4 |
2023-03-20 | CVE-2023-0681 | Open Redirect vulnerability in Rapid7 Insightvm Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site of the attacker’s choice using the ‘page’ parameter of the ‘data/console/redirect’ component of the application. | 6.1 |
2023-01-12 | CVE-2017-5242 | Use of Insufficiently Random Values vulnerability in Rapid7 Insightvm Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. | 7.7 |
2022-12-08 | CVE-2022-4261 | Download of Code Without Integrity Check vulnerability in Rapid7 Insightvm Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. | 6.5 |
2022-09-21 | CVE-2019-5641 | Insufficient Session Expiration vulnerability in Rapid7 Insightvm Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user | 5.3 |
2019-04-09 | CVE-2019-5615 | Insufficiently Protected Credentials vulnerability in Rapid7 Insightvm Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passwords. | 6.5 |