Nexpose
by Rapid7
CVEs (22)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-6494 | 0.00 | — | 0.01 | Jan 25, 2020 | Rapid7 Nexpose before 5.5.4 contains a session hijacking vulnerability which allows remote attackers to capture a user's session and gain unauthorized access. | |||
| CVE-2019-5638 | 0.00 | — | 0.01 | Aug 21, 2019 | Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential… |
- CVE-2012-6494Jan 25, 2020risk 0.00cvss —epss 0.01
Rapid7 Nexpose before 5.5.4 contains a session hijacking vulnerability which allows remote attackers to capture a user's session and gain unauthorized access.
- CVE-2019-5638Aug 21, 2019risk 0.00cvss —epss 0.01
Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential…
Page 2 of 2