Vulnerabilities > Rapid7 > Nexpose > 6.6.55
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-30 | CVE-2023-1699 | Forced Browsing vulnerability in Rapid7 Nexpose Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. | 9.8 |
2022-12-08 | CVE-2022-4261 | Download of Code Without Integrity Check vulnerability in Rapid7 Insightvm Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. | 6.5 |
2022-03-17 | CVE-2022-0757 | SQL Injection vulnerability in Rapid7 Nexpose Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. | 8.8 |
2022-03-17 | CVE-2022-0758 | Cross-site Scripting vulnerability in Rapid7 Nexpose Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cross site scripting vulnerability, within the shared scan configuration component of the tool. | 6.1 |
2021-11-22 | CVE-2019-5640 | Information Exposure vulnerability in Rapid7 Nexpose Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage visited by previous user | 5.3 |
2021-08-19 | CVE-2021-31868 | Missing Authentication for Critical Function vulnerability in Rapid7 Nexpose Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing feature, regardless of the assignment of the ticket. | 5.4 |
2021-06-16 | CVE-2021-3535 | Cross-site Scripting vulnerability in Rapid7 Nexpose Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. | 6.1 |