← Back

Rapid7

rapid7

81 CVEs • 12 products

Products (12)

Click to collapse
Toggle
Nexpose
nexpose
20 CVEs
Metasploit
metasploit
17 CVEs
Velociraptor
velociraptor
15 CVEs
Insightvm
insightvm
8 CVEs
Insight Agent
insight_agent
7 CVEs
Appspider Pro
appspider_pro
6 CVEs
Insightappsec
insightappsec
4 CVEs
Insightcloudsec
insightcloudsec
3 CVEs
Appspider
appspider
2 CVEs
Insight Collector
insight_collector
1 CVE
Komand
komand
1 CVE
Insight Platform
insight_platform
1 CVE

CVEs (81)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-5629
1Rapid7
1Insight Agent
Nov 21, 2024
Jul 13, 2019
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent 2.6.3 and prior starts, the Python interpreter attempts to...Show more
Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent 2.6.3 and prior starts, the Python interpreter attempts to load python3.dll at "C:\DLLs\python3.dll," which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent's startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 2.6.4.Show less
CVE-2019-5630
1Rapid7
1Nexpose
Nov 21, 2024
Jul 3, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using F...Show more
A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS request.Show less
CVE-2019-5624
1Rapid7
1Metasploit
Nov 21, 2024
Apr 30, 2019
N/A· v4
7.3 HIGH· v3
6.5 MEDIUM· v2
Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Exploiting this vulnerability can a...Show more
Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level of the user running Metasploit. This issue affects: Rapid7 Metasploit Framework version 4.14.0 and prior versions.Show less
CVE-2019-5615
1Rapid7
1Insightvm
Nov 21, 2024
Apr 9, 2019
N/A· v4
6.5 MEDIUM· v3
3.5 LOW· v2
Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passw...Show more
Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passwords. Valid credentials are required to access these files and malicious users would still need to perform additional work to decrypt the credentials and escalate privileges. This issue affects: Rapid7 InsightVM versions 6.5.11 through 6.5.49.Show less
CVE-2018-5559
1Rapid7
1Komand
Nov 21, 2024
Nov 28, 2018
N/A· v4
4.9 MEDIUM· v3
4.0 MEDIUM· v2
In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring sensitive data from th...Show more
In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring sensitive data from the API response sent over an encrypted channel. This issue does not affect Rapid7 Komand version 0.42.0 and later versions.Show less
CVE-2017-5264
1Rapid7
1Nexpose
May 13, 2026
Dec 14, 2017
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) at...Show more
Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack.Show less
CVE-2017-15084
1Rapid7
1Metasploit
May 13, 2026
Oct 6, 2017
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22.
CVE-2017-5244
1Rapid7
1Metasploit
May 13, 2026
Jun 15, 2017
N/A· v4
3.5 LOW· v3
3.5 LOW· v2
Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This coul...Show more
Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting an authenticated user to execute JavaScript. As of Metasploit 4.14.0 (Update 2017061301), the routes for stopping tasks only allow POST requests, which validate the presence of a secret token to prevent CSRF attacks.Show less
CVE-2017-5243
1Rapid7
1Nexpose
May 13, 2026
Jun 6, 2017
N/A· v4
8.5 HIGH· v3
6.8 MEDIUM· v2
The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL...Show more
The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the installations vulnerable to a range of MITM, downgrade, and decryption attacks.Show less
CVE-2017-5240
1Rapid7
1Appspider Pro
May 13, 2026
May 3, 2017
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of service condition when par...Show more
Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of service condition when parsed by this component, causing the application to crash.Show less
CVE-2017-5236
1Rapid7
1Appspider Pro
May 13, 2026
May 3, 2017
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of t...Show more
Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.Show less
CVE-2017-5235
1Rapid7
1Metasploit
May 13, 2026
Mar 2, 2017
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the...Show more
Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.Show less
CVE-2017-5234
1Rapid7
1Insight Collector
May 13, 2026
Mar 2, 2017
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
Rapid7 Insight Collector installers prior to version 1.0.16 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the install...Show more
Rapid7 Insight Collector installers prior to version 1.0.16 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.Show less
CVE-2017-5233
1Rapid7
1Appspider Pro
May 13, 2026
Mar 2, 2017
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer...Show more
Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.Show less
CVE-2017-5232
1Rapid7
1Nexpose
May 13, 2026
Mar 2, 2017
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the i...Show more
All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.Show less
CVE-2017-5231
1Rapid7
1Metasploit
May 13, 2026
Mar 2, 2017
N/A· v4
7.1 HIGH· v3
5.1 MEDIUM· v2
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. By using a specially-crafted build of...Show more
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance.Show less
CVE-2017-5230
1Rapid7
1Nexpose
May 13, 2026
Mar 2, 2017
N/A· v4
7.2 HIGH· v3
6.5 MEDIUM· v2
The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides storage for saved scan c...Show more
The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides storage for saved scan credentials in an otherwise secure location on disk.Show less
CVE-2017-5229
1Rapid7
1Metasploit
May 13, 2026
Mar 2, 2017
N/A· v4
7.1 HIGH· v3
5.1 MEDIUM· v2
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafted build of Meterprete...Show more
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance.Show less
CVE-2017-5228
1Rapid7
1Metasploit
May 13, 2026
Mar 2, 2017
N/A· v4
7.1 HIGH· v3
5.1 MEDIUM· v2
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is...Show more
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance.Show less
CVE-2016-9757
1Rapid7
1Nexpose
May 6, 2026
Dec 20, 2016
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag name field. Once this ta...Show more
In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag name field. Once this tag is viewed in the Tag Detail page of the Rapid7 Nexpose 6.4.12 UI by another authenticated user, the script is run in that user's browser context.Show less