CVE-2019-5630

A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS request.
References
Link Resource
https://help.rapid7.com/nexpose/en-us/release-notes#6.5.69 Release Notes Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*

Information

Published : 2019-07-03 05:15

Updated : 2019-10-09 11:51


NVD link : CVE-2019-5630

Mitre link : CVE-2019-5630

Products Affected
CWE