VYPR

Nexpose

by Rapid7

CVEs (22)

  • CVE-2012-6494Jan 25, 2020
    risk 0.00cvss epss 0.01

    Rapid7 Nexpose before 5.5.4 contains a session hijacking vulnerability which allows remote attackers to capture a user's session and gain unauthorized access.

  • CVE-2019-5638Aug 21, 2019
    risk 0.00cvss epss 0.01

    Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential…

Page 2 of 2