Page 2 of 20 results (0.007 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage visited by previous user Rapid7 Nexpose versiones anteriores a 6.6.114, sufren un problema de exposición de información por el que, cuando la sesión del usuario ha finalizado por inactividad, un atacante puede usar la funcionalidad inspect element browser para eliminar el panel de acceso y visualizar los detalles disponibles en la última página web visitada por el usuario anterior • https://docs.rapid7.com/release-notes/nexpose/20211117 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing feature, regardless of the assignment of the ticket. This issue was resolved in version 6.6.96, released on August 4, 2021. Rapid7 Nexpose versiones 6.6.95 y anteriores, permiten a usuarios autenticados de la Consola de Seguridad visualizar y editar cualquier ticket en la funcionalidad legacy ticketing, independientemente de la asignación del ticket. Este problema fue resuelto en versión 6.6.96, publicada el 4 de agosto de 2021. • https://docs.rapid7.com/release-notes/nexpose/20210804 • CWE-306: Missing Authentication for Critical Function •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. A specific search criterion and operator combination in Filtered Asset Search could have allowed a user to pass code through the provided search field. This issue affects version 6.6.80 and prior, and is fixed in 6.6.81. If your Security Console currently falls on or within this affected version range, ensure that you update your Security Console to the latest version. Rapid7 Nexpose es suceptible a una vulnerabilidad de tipo cross-site scripting no persistente que afecta a la funcionalidad Filtered Asset Search de Security Console. • https://docs.rapid7.com/release-notes/nexpose/20210505 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

A SQL Injection issue in Rapid7 Nexpose version prior to 6.6.49 that may have allowed an authenticated user with a low permission level to access resources & make changes they should not have been able to access. Un problema de inyección SQL en Rapid7 Nexpose versiones anteriores a 6.6.49, que puede haber permitido a un usuario autenticado con un nivel de permiso bajo acceder a recursos y realizar cambios a los que no debería haber sido capaz de acceder • https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.49 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local machine to insert an arbitrary file into the executable path. This issue affects: Rapid7 Nexpose versions prior to 6.6.40. El instalador de Rapid7 Nexpose versiones anteriores a 6.6.40, contiene una Ruta de Búsqueda Sin Comillas que puede permitir a un atacante en la máquina local insertar un archivo arbitrario en la ruta ejecutable. Este problema afecta a: Rapid7 Nexpose versiones anteriores a 6.6.40 • https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.40 • CWE-428: Unquoted Search Path or Element •