VYPR
Unrated severityNVD Advisory· Published Mar 30, 2023· Updated Feb 11, 2025

Rapid7 Nexpose Forced Browsing

CVE-2023-1699

Description

Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability.  This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. This vulnerability is fixed in version 6.6.187.

Affected products

2
  • Rapid7/Nexposellm-fuzzy2 versions
    <=6.6.186+ 1 more
    • (no CPE)range: <=6.6.186
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.