CVE-2012-6493
Nexpose Security Console - Cross-Site Request Forgery
Severity Score: 6.8 (CVSS v2)
Public Exploits: 4 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete.
A CSRF vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete.
Nexpose Security Console versions prior to 5.5.3 suffer from multiple cross site request forgery vulnerabilities.
Credits: N/A
Timeline
- 2013-01-02 CVE Reserved
- 2013-01-05 CVE Published
- 2013-01-06 First Exploit
- 2024-08-06 CVE Updated
- 2024-08-22 EPSS Updated
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
References (6)
URL | Tag | Source |
---|---|---|
http://osvdb.org/88923 | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://community.rapid7.com/docs/DOC-2155#release1 | 2014-02-24 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Rapid7 | Nexpose | <= 5.5.3 | - | Affected |
Rapid7 | Nexpose | 5.4 | - | Affected |
Rapid7 | Nexpose | 5.4.1 | - | Affected |
Rapid7 | Nexpose | 5.4.2 | - | Affected |
Rapid7 | Nexpose | 5.4.3 | - | Affected |
Rapid7 | Nexpose | 5.4.4 | - | Affected |
Rapid7 | Nexpose | 5.4.5 | - | Affected |
Rapid7 | Nexpose | 5.4.6 | - | Affected |
Rapid7 | Nexpose | 5.4.7 | - | Affected |
Rapid7 | Nexpose | 5.4.8 | - | Affected |
Rapid7 | Nexpose | 5.4.9 | - | Affected |
Rapid7 | Nexpose | 5.4.10 | - | Affected |
Rapid7 | Nexpose | 5.4.11 | - | Affected |
Rapid7 | Nexpose | 5.4.12 | - | Affected |
Rapid7 | Nexpose | 5.5.1 | - | Affected |