Every CVE whose affected-product data names Rapid7 Nexpose, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2017-5264 — CVSS 8.8 (high): Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions…
CVE-2019-5638 — CVSS 8.7 (high): Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant…
CVE-2017-5243 — CVSS 8.5 (high): The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key…
CVE-2017-5232 — CVSS 7.8 (high): All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the…
CVE-2017-5230 — CVSS 7.2 (high): The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3'…
CVE-2020-7382 — CVSS 6.8 (medium): Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local machine to…
CVE-2012-6493 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the…
CVE-2020-7383 — CVSS 6.5 (medium): A SQL Injection issue in Rapid7 Nexpose version prior to 6.6.49 that may have allowed an authenticated user with a low permission level to…
CVE-2012-6494 — CVSS 6.1 (medium): Rapid7 Nexpose before 5.5.4 contains a session hijacking vulnerability which allows remote attackers to capture a user's session and gain…
CVE-2019-5630 — CVSS 5.9 (medium): A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68…
CVE-2020-7381 — CVSS 5.8 (medium): In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose installer calls an executable which can be placed in the appropriate…
CVE-2022-0757 — CVSS 5.5 (medium): Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not…
CVE-2016-9757 — CVSS 5.4 (medium): In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags…
CVE-2022-3913 — CVSS 5.3 (medium): Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downloading…
CVE-2022-4261 — CVSS 4.4 (medium): Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. This failure could…
CVE-2023-1699 — CVSS 4.3 (medium): Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate…
CVE-2021-31868 — CVSS 4.3 (medium): Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users of the Security Console to view and edit any ticket in the legacy…
CVE-2021-3535 — CVSS 4.3 (medium): Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search…
CVE-2022-0758 — CVSS 3.3 (low): Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cross site scripting vulnerability, within the shared scan…
CVE-2019-5640 — CVSS 3.3 (low): Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to…