CVE-2021-4016 – Rapid7 Insight Agent Improper Access Control
https://notcve.org/view.php?id=CVE-2021-4016
21 Jan 2022 — Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory, e.g. asset_info.json or file_info.json, leading to a loss of confidentiality. This issue was fixed in Rapid7 Insight Agent 3.1.3. • https://docs.rapid7.com/release-notes/insightagent/20220119 • CWE-284: Improper Access Control •
CVE-2021-4007 – Rapid7 Insight Agent Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-4007
14 Dec 2021 — Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent versions 3.0.1 to 3.1.2.34 start, the Python interpreter attempts to load python3.dll at "C:\DLLs\python3.dll," which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent's startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 3.1.2.35. This... • https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-5629 • CWE-427: Uncontrolled Search Path Element •
CVE-2019-5640 – Rapid7 Nexpose Information Disclosure after logout
https://notcve.org/view.php?id=CVE-2019-5640
22 Nov 2021 — Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage visited by the previous user. • https://docs.rapid7.com/release-notes/nexpose/20211117 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-31868 – Rapid7 Nexpose Security Console Ticket Access Authentication Vulnerability
https://notcve.org/view.php?id=CVE-2021-31868
19 Aug 2021 — Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing feature, regardless of the assignment of the ticket. This issue was resolved in version 6.6.96, released on August 4, 2021. • https://docs.rapid7.com/release-notes/nexpose/20210804 • CWE-306: Missing Authentication for Critical Function •
CVE-2021-3619 – Rapid7 Velociraptor Notebooks Authenticated Persistent XSS
https://notcve.org/view.php?id=CVE-2021-3619
22 Jul 2021 — Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed executable code on a malicious upload. This issue was fixed in version 0.6.0. Note that login rights to Velociraptor are nearly always reserved for trusted and verified users with IT security backgrounds. • https://github.com/Velocidex/velociraptor/pull/1118 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-3535
https://notcve.org/view.php?id=CVE-2021-3535
16 Jun 2021 — Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. A specific search criterion and operator combination in Filtered Asset Search could have allowed a user to pass code through the provided search field. This issue affects version 6.6.80 and prior, and is fixed in 6.6.81. If your Security Console currently falls on or within this affected version range, ensure that you update your Security Console to the latest v... • https://docs.rapid7.com/release-notes/nexpose/20210505 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-7385 – Metasploit Framework 'drb_remote_codeexec' code execution
https://notcve.org/view.php?id=CVE-2020-7385
23 Apr 2021 — By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions. Since Metasploit Framework typically runs with elevated privileges, this can lead to a system compromise on the Metasploit workstation. Note that an attacker would have to lie in wait and entice the Metasploit user to run the affected module against a malicious... • https://github.com/rapid7/metasploit-framework/pull/14300 • CWE-502: Deserialization of Untrusted Data •
CVE-2020-7384 – Client-Side Command Injection in Rapid7 Metasploit
https://notcve.org/view.php?id=CVE-2020-7384
29 Oct 2020 — Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine. • https://www.exploit-db.com/exploits/49491 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2020-7383 – SQL Injection in Rapid7 Nexpose
https://notcve.org/view.php?id=CVE-2020-7383
14 Oct 2020 — A SQL injection issue in Rapid7 Nexpose versions prior to 6.6.49 may have allowed an authenticated user with a low permission level to access resources and make changes they should not have been able to access. • https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.49 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2020-7358 – Code Injection in Rapid7 AppSpider Pro Installer
https://notcve.org/view.php?id=CVE-2020-7358
18 Sep 2020 — In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during an installation and any arbitrary code executable using the same file name. • https://help.rapid7.com/appspider/release-notes/index.html?pid=7.2.126 • CWE-427: Uncontrolled Search Path Element •