CVE-2019-5630

Published: Jul 3, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS request.

Affected (1)

Products: Rapid7: Nexpose

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Rapid7 Nexpose	From 6.5.0 to 6.5.68

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://help.rapid7.com/nexpose/en-us/release-notes#6.5.69

Source: cve@rapid7.com

Release NotesVendor Advisory

https://help.rapid7.com/nexpose/en-us/release-notes#6.5.69

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.