CVE-2022-0757

Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticated attacker to manipulate the "ANY" and "OR" operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129.
References
Link Resource
https://docs.rapid7.com/release-notes/nexpose/20220302/ Release Notes Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*

Information

Published : 2022-03-17 11:15

Updated : 2022-04-07 02:13


NVD link : CVE-2022-0757

Mitre link : CVE-2022-0757

Products Affected
CWE