Vulnerabilities > Rapid7 > Nexpose
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-30 | CVE-2023-1699 | Forced Browsing vulnerability in Rapid7 Nexpose Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. | 9.8 |
| 2023-02-01 | CVE-2022-3913 | Improper Certificate Validation vulnerability in Rapid7 Nexpose Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downloading updates. | 5.3 |
| 2022-12-08 | CVE-2022-4261 | Download of Code Without Integrity Check vulnerability in Rapid7 Insightvm Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. | 6.5 |
| 2022-03-17 | CVE-2022-0757 | SQL Injection vulnerability in Rapid7 Nexpose Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. | 8.8 |
| 2022-03-17 | CVE-2022-0758 | Cross-site Scripting vulnerability in Rapid7 Nexpose Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cross site scripting vulnerability, within the shared scan configuration component of the tool. | 6.1 |
| 2021-11-22 | CVE-2019-5640 | Information Exposure vulnerability in Rapid7 Nexpose Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage visited by previous user | 5.3 |
| 2021-08-19 | CVE-2021-31868 | Missing Authentication for Critical Function vulnerability in Rapid7 Nexpose Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing feature, regardless of the assignment of the ticket. | 5.4 |
| 2021-06-16 | CVE-2021-3535 | Cross-site Scripting vulnerability in Rapid7 Nexpose Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. | 6.1 |
| 2020-10-14 | CVE-2020-7383 | SQL Injection vulnerability in Rapid7 Nexpose A SQL Injection issue in Rapid7 Nexpose version prior to 6.6.49 that may have allowed an authenticated user with a low permission level to access resources & make changes they should not have been able to access. | 8.1 |
| 2020-09-03 | CVE-2020-7382 | Unquoted Search Path or Element vulnerability in Rapid7 Nexpose Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local machine to insert an arbitrary file into the executable path. | 6.5 |