Unrated severity · NVD Advisory · Published Jul 3, 2019 · Updated Aug 4, 2024
Rapid7 Nexpose/InsightVM Security Console CSRF
CVE-2019-5630
Description
A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS request.
Affected products
- (no CPE) range: >=6.5.0, <=6.5.68
- (no CPE) range: 6.5.0 through 6.5.68
References
- help.rapid7.com/nexpose/en-us/release-notes (mitre, x_refsource_CONFIRM)