VYPR
Unrated severityNVD Advisory· Published Aug 19, 2021· Updated Sep 17, 2024

Rapid7 Nexpose Security Console Ticket Access Authentication Vulnerability

CVE-2021-31868

Description

Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing feature, regardless of the assignment of the ticket. This issue was resolved in version 6.6.96, released on August 4, 2021.

Affected products

2
  • Rapid7/Nexposellm-fuzzy2 versions
    <=6.6.95+ 1 more
    • (no CPE)range: <=6.6.95
    • (no CPE)range: 6.6.95

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.