Skip to main content

Nexpose CVE-2012-6493

MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2014-02-04 cve@mitre.org
6.8
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Feb 04, 2014 - 22:55 cve.org
MEDIUM 6.8

DescriptionCVE.org

Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete.

AnalysisAI

Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete. Affected products include: Rapid7 Nexpose. Version information: before 5.5.4.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2017-5264 HIGH POC
8.8 Dec 14

Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated A

CVE-2022-4261 MEDIUM POC
6.5 Dec 08

Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents.

CVE-2023-1699 CRITICAL
9.8 Mar 30

Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. Rated critical severity (CVSS 9.8

CVE-2022-0757 HIGH
8.8 Mar 17

Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search opera

CVE-2019-5630 HIGH
8.8 Jul 03

A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0

CVE-2019-5638 HIGH
8.7 Aug 21

Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a se

CVE-2017-5243 HIGH
8.5 Jun 06

The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired al

CVE-2020-7383 HIGH
8.1 Oct 14

A SQL Injection issue in Rapid7 Nexpose version prior to 6.6.49 that may have allowed an authenticated user with a low p

CVE-2017-5232 HIGH
7.8 Mar 02

All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is

CVE-2020-7381 HIGH
7.8 Sep 03

In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose installer calls an executable which can be placed in t

CVE-2017-5230 HIGH
7.2 Mar 02

The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of

CVE-2020-7382 MEDIUM
6.5 Sep 03

Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted Search Path which may allow an attacker on the loc

Share

CVE-2012-6493 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy