VYPR
Unrated severityNVD Advisory· Published Jul 3, 2019· Updated Aug 4, 2024

Rapid7 Nexpose/InsightVM Security Console CSRF

CVE-2019-5630

Description

A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS request.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.