Known Vulnerabilities for Nexpose by Rapid7
Listed below are 10 of the newest known vulnerabilities associated with "Nexpose" by "Rapid7".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data), as well as a keyword search so that the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-31868 | Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users of the Security Console to view and edit any ticket in t... | 5.4 - MEDIUM | 2021-08-19 | 2021-08-26 |
| CVE-2021-3535 | Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered... | 6.1 - MEDIUM | 2021-06-16 | 2021-06-22 |
| CVE-2020-7383 | A SQL Injection issue in Rapid7 Nexpose version prior to 6.6.49 that may have allowed an authenticated user with a low permis... | 8.1 - HIGH | 2020-10-14 | 2020-10-19 |
| CVE-2020-7382 | Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local ma... | 6.5 - MEDIUM | 2020-09-03 | 2020-09-11 |
| CVE-2020-7381 | In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose installer calls an executable which can be placed in the ap... | 7.8 - HIGH | 2020-09-03 | 2020-09-11 |
| CVE-2019-5640 | Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended... | 5.3 - MEDIUM | 2021-11-22 | 2023-10-10 |
| CVE-2019-5638 | Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a securit... | 8.8 - HIGH | 2019-08-21 | 2023-10-09 |
| CVE-2019-5630 | A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 throu... | 8.8 - HIGH | 2019-07-03 | 2019-10-09 |
| CVE-2017-5232 | All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possi... | 7.8 - HIGH | 2017-03-02 | 2017-03-21 |
| CVE-2017-5230 | The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1... | 7.2 - HIGH | 2017-03-02 | 2017-08-15 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Rapid7 | Nexpose | 6.6.72 | All | All | All |
| Application | Rapid7 | Nexpose | 6.6.71 | All | All | All |
| Application | Rapid7 | Nexpose | 6.6.70 | All | All | All |
| Application | Rapid7 | Nexpose | 6.6.69 | All | All | All |
| Application | Rapid7 | Nexpose | 6.6.68 | All | All | All |
| Application | Rapid7 | Nexpose | 6.6.67 | All | All | All |
| Application | Rapid7 | Nexpose | 6.6.65 | All | All | All |
| Application | Rapid7 | Nexpose | 6.6.64 | All | All | All |
| Application | Rapid7 | Nexpose | 6.6.63 | All | All | All |
| Application | Rapid7 | Nexpose | 6.6.62 | All | All | All |
| Application | Rapid7 | Nexpose | 6.6.61 | All | All | All |
| Application | Rapid7 | Nexpose | 6.6.60 | All | All | All |
| Application | Rapid7 | Nexpose | 6.6.59 | All | All | All |
| Application | Rapid7 | Nexpose | 6.6.58 | All | All | All |
| Application | Rapid7 | Nexpose | 6.6.57 | All | All | All |
| Application | Rapid7 | Nexpose | 6.6.56 | All | All | All |
| Application | Rapid7 | Nexpose | 6.6.55 | All | All | All |
| Application | Rapid7 | Nexpose | 6.6.54 | All | All | All |
| Application | Rapid7 | Nexpose | 6.6.53 | All | All | All |
| Application | Rapid7 | Nexpose | 6.6.52 | All | All | All |