Vulnerabilities > Rapid7 > Insightvm > 6.5.44
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-18 | CVE-2024-6504 | Unspecified vulnerability in Rapid7 Insightvm Rapid7 InsightVM Console versions below 6.6.260 suffer from a protection mechanism failure whereby an attacker with network access to the InsightVM Console can cause it to overload or crash by sending repeated invalid REST requests in a short timeframe, to the Console's port 443 causing the console to enter an exception handling logging loop, exhausting the CPU. | 5.3 |
| 2023-03-24 | CVE-2021-3844 | Insufficient Session Expiration vulnerability in Rapid7 Insightvm Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. | 5.4 |
| 2023-03-20 | CVE-2023-0681 | Open Redirect vulnerability in Rapid7 Insightvm Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site of the attacker’s choice using the ‘page’ parameter of the ‘data/console/redirect’ component of the application. | 6.1 |
| 2022-12-08 | CVE-2022-4261 | Download of Code Without Integrity Check vulnerability in Rapid7 Insightvm Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. | 6.5 |
| 2019-04-09 | CVE-2019-5615 | Insufficiently Protected Credentials vulnerability in Rapid7 Insightvm Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passwords. | 3.5 |