Every CVE whose affected-product data names Rapid7 Insightvm, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2017-5242 — CVSS 7.7 (high): Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a…
CVE-2019-5615 — CVSS 6.5 (medium): Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators…
CVE-2021-3844 — CVSS 5.7 (medium): Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing…
CVE-2022-4261 — CVSS 4.4 (medium): Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. This failure could…
CVE-2023-0681 — CVSS 4.3 (medium): Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redirect vulnerability, whereby an attacker has the ability to redirect…
CVE-2024-6504 — CVSS 4.3 (medium): Rapid7 InsightVM Console versions below 6.6.260 suffer from a protection mechanism failure whereby an attacker with network access to the…
CVE-2019-5641 — CVSS 3.3 (low): Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can…
CVE-2024-2745 — CVSS 3.3 (low): Rapid7's InsightVM maintenance mode login page suffers from a sensitive information exposure vulnerability whereby, sensitive information…