Vulnerabilities > Rapid7 > Insightvm > 6.6.223

DATE CVE VULNERABILITY TITLE RISK
2024-07-18 CVE-2024-6504 Unspecified vulnerability in Rapid7 Insightvm
Rapid7 InsightVM Console versions below 6.6.260 suffer from a protection mechanism failure whereby an attacker with network access to the InsightVM Console can cause it to overload or crash by sending repeated invalid REST requests in a short timeframe, to the Console's port 443 causing the console to enter an exception handling logging loop, exhausting the CPU.
network
low complexity
rapid7
5.3
2024-04-02 CVE-2024-2745 Unspecified vulnerability in Rapid7 Insightvm
Rapid7's InsightVM maintenance mode login page suffers from a sensitive information exposure vulnerability whereby, sensitive information is exposed through query strings in the URL when login is attempted before the page is fully loaded.  This vulnerability allows attackers to acquire sensitive information such as passwords, auth tokens, usernames etc.     The vulnerability is remediated in version 6.6.244. 
local
low complexity
rapid7
3.3