Vulnerabilities > Rapid7 > Nexpose > 6.4.52
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-21 | CVE-2019-5638 | Insufficient Session Expiration vulnerability in Rapid7 Nexpose Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. | 8.8 |
| 2017-12-14 | CVE-2017-5264 | Cross-Site Request Forgery (CSRF) vulnerability in Rapid7 Nexpose Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack. | 6.8 |