Vulnerabilities > Rapid7 > Nexpose > 6.6.130

DATE CVE VULNERABILITY TITLE RISK
2023-03-30 CVE-2023-1699 Forced Browsing vulnerability in Rapid7 Nexpose
Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability.  This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages.
network
low complexity
rapid7 CWE-425
critical
 9.8
9.8
2023-02-01 CVE-2022-3913 Improper Certificate Validation vulnerability in Rapid7 Nexpose
Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downloading updates.
network
high complexity
rapid7 CWE-295
5.3
5.3
2022-12-08 CVE-2022-4261 Download of Code Without Integrity Check vulnerability in Rapid7 Insightvm
Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents.
network
low complexity
rapid7 CWE-494
6.5
6.5