Known Vulnerabilities for Nexpose by Rapid7
Listed below are 10 of the newest known vulnerabilities associated with "Nexpose" by "Rapid7".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-1699 | Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker ... | 9.8 - CRITICAL | 2023-03-30 | 2023-11-07 |
| CVE-2022-4261 | Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. This ... | 6.5 - MEDIUM | 2022-12-08 | 2023-11-07 |
| CVE-2022-3913 | Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downl... | 5.3 - MEDIUM | 2023-02-01 | 2023-11-07 |
| CVE-2022-0758 | Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cross site scripting vulnerability, within the shared sca... | 6.1 - MEDIUM | 2022-03-17 | 2022-03-24 |
| CVE-2022-0757 | Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators ... | 8.8 - HIGH | 2022-03-17 | 2022-04-07 |
| CVE-2021-31868 | Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users of the Security Console to view and edit any ticket in t... | 5.4 - MEDIUM | 2021-08-19 | 2021-08-26 |
| CVE-2021-3535 | Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered... | 6.1 - MEDIUM | 2021-06-16 | 2021-06-22 |
| CVE-2020-7383 | A SQL Injection issue in Rapid7 Nexpose version prior to 6.6.49 that may have allowed an authenticated user with a low permis... | 8.1 - HIGH | 2020-10-14 | 2020-10-19 |
| CVE-2020-7382 | Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local ma... | 6.5 - MEDIUM | 2020-09-03 | 2020-09-11 |
| CVE-2020-7381 | In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose installer calls an executable which can be placed in the ap... | 7.8 - HIGH | 2020-09-03 | 2020-09-11 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Rapid7 | Nexpose | 6.6.72 | | | |
| Application | Rapid7 | Nexpose | 6.6.71 | | | |
| Application | Rapid7 | Nexpose | 6.6.70 | | | |
| Application | Rapid7 | Nexpose | 6.6.69 | | | |
| Application | Rapid7 | Nexpose | 6.6.68 | | | |
| Application | Rapid7 | Nexpose | 6.6.67 | | | |
| Application | Rapid7 | Nexpose | 6.6.65 | | | |
| Application | Rapid7 | Nexpose | 6.6.64 | | | |
| Application | Rapid7 | Nexpose | 6.6.63 | | | |
| Application | Rapid7 | Nexpose | 6.6.62 | | | |
| Application | Rapid7 | Nexpose | 6.6.61 | | | |
| Application | Rapid7 | Nexpose | 6.6.60 | | | |
| Application | Rapid7 | Nexpose | 6.6.59 | | | |
| Application | Rapid7 | Nexpose | 6.6.58 | | | |
| Application | Rapid7 | Nexpose | 6.6.57 | | | |
| Application | Rapid7 | Nexpose | 6.6.56 | | | |
| Application | Rapid7 | Nexpose | 6.6.55 | | | |
| Application | Rapid7 | Nexpose | 6.6.54 | | | |
| Application | Rapid7 | Nexpose | 6.6.53 | | | |
| Application | Rapid7 | Nexpose | 6.6.52 | | | |