- Description
- Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user
- Source
- cve@rapid7.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rapid7:insightvm:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "92D55F81-2863-4161-A9BE-D9845CEA085F",
"versionEndIncluding": "6.6.160"
}
],
"operator": "OR"
}
]
}
]