CVE-2024-6504 – Rapid7 InsightVM Protection Mechanism Failure
https://notcve.org/view.php?id=CVE-2024-6504
Rapid7 InsightVM Console versions below 6.6.260 suffer from a protection mechanism failure whereby an attacker with network access to the InsightVM Console can cause it to overload or crash by sending repeated invalid REST requests in a short timeframe to the Console's port 443, causing the console to enter an exception-handling logging loop that exhausts the CPU. There is no indication that an attacker can use this method to escalate privilege, acquire unauthorized access to data, or gain control of protected resources. This issue is fixed in version 6.6.261.
References: https://docs.rapid7.com/release-notes/insightvm/20240717
Weakness: CWE-693: Protection Mechanism Failure
CVE-2024-2745 – Rapid7 InsightVM Sensitive Information Exposure via URL
https://notcve.org/view.php?id=CVE-2024-2745
Rapid7's InsightVM maintenance mode login page suffers from a sensitive information exposure vulnerability whereby sensitive information is exposed through query strings in the URL when login is attempted before the page is fully loaded. This vulnerability allows attackers to acquire sensitive information such as passwords, auth tokens, usernames, etc. The vulnerability is remediated in version 6.6.244.
References: https://docs.rapid7.com/release-notes/insightvm/20240327
Weakness: CWE-598: Use of GET Request Method With Sensitive Query Strings
CVE-2021-3844 – Rapid7 InsightVM Insufficient Session Expiration
https://notcve.org/view.php?id=CVE-2021-3844
Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security-relevant edit on an existing, logged-on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user account's current session is still valid after the password change, potentially allowing the attacker who originally compromised the credential to remain logged in and able to cause further damage. This vulnerability is mitigated by the use of the Platform Login feature. This issue is related to CVE-2019-5638.
References: https://docs.rapid7.com/insightvm/enable-insightvm-platform-login https://www.cve.org/cverecord?id=CVE-2019-5638
Weakness: CWE-613: Insufficient Session Expiration
CVE-2023-0681 – Rapid7 Nexpose Uncontrolled URL Redirect
https://notcve.org/view.php?id=CVE-2023-0681
Rapid7 InsightVM versions 6.6.178 and lower suffer from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site of the attacker's choice using the 'page' parameter of the 'data/console/redirect' component of the application. This issue was resolved in the February 2023 release of version 6.6.179.
References: https://docs.rapid7.com/release-notes/nexpose/20230208
Weakness: CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-4261 – Rapid7 Nexpose Update Validation Issue
https://notcve.org/view.php?id=CVE-2022-4261
Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. This failure could allow an attacker to provide a malicious update and alter the functionality of Rapid7 Nexpose. The attacker would need some pre-existing mechanism to provide a malicious update, either through a social engineering effort, privileged access to replace downloaded updates in transit, or by performing an Attacker-in-the-Middle attack on the update service itself.
References: https://docs.rapid7.com/release-notes/insightvm/20221207 https://docs.rapid7.com/release-notes/nexpose/20221207 https://www.rapid7.com/blog/post/2022/12/7/cve-2022-4261-rapid7-nexpose-update-validation-issue-fixed
Weakness: CWE-494: Download of Code Without Integrity Check