Описание
Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. This vulnerability is fixed in version 6.6.187.
Ссылки
- Release Notes
- Release Notes
Уязвимые конфигурации
Конфигурация 1Версия до 6.6.187 (исключая)
cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*
EPSS
Процентиль: 27%
0.00095
Низкий
4.3 Medium
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-425
CWE-425
Связанные уязвимости
CVSS3: 9.8
github
почти 3 года назад
Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. This vulnerability is fixed in version 6.6.187.
EPSS
Процентиль: 27%
0.00095
Низкий
4.3 Medium
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-425
CWE-425