PT-2019-17790 · Rapid7 · Nexpose InsightVM Security Console
Rodney Beede · Published 2019-07-03 · Updated 2019-10-09 · CVE-2019-5630
CVSS v3.1: 8.8 (High)
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68
Description
A Cross-Site Request Forgery (CSRF) issue was discovered: an attacker can use Flash to circumvent the cross-domain pre-flight OPTIONS request and thereby forge requests against API endpoints that relied on that pre-flight as their CSRF protection.
Recommendations
For versions 6.5.0 through 6.5.68, consider disabling the use of Flash to mitigate the risk of exploitation until a patch is available. Restrict access to API endpoints to minimize the risk of CSRF attacks.
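As an added defender-side example (not part of this advisory or of Rapid7's product code), the checks below model the two recommendations: whether a Flash cross-domain policy (crossdomain.xml) lets any origin reach the host, and an API-side gate that validates the Origin header and an anti-CSRF token instead of trusting that a pre-flight ran. The policies, header names, origins and tokens are constructed for illustration.

```python
"""Defensive checks for Flash-assisted CSRF against API endpoints."""
import hmac
import xml.etree.ElementTree as ET

# Constructed sample policies (not taken from the product).
PERMISSIVE_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*" secure="false"/>
</cross-domain-policy>"""

STRICT_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="console.example" secure="true"/>
</cross-domain-policy>"""


def policy_allows_any_origin(xml_text):
    """True if crossdomain.xml lets a Flash movie from any site call the host.

    A wildcard domain is what lets an attacker-controlled page send
    cookie-bearing requests without any pre-flight taking place.
    """
    root = ET.fromstring(xml_text)
    for node in root.iter("allow-access-from"):
        if node.get("domain", "").strip() == "*":
            return True
    return False


def is_trusted_request(headers, allowed_origins, session_token):
    """Server-side gate for a state-changing API call.

    Never assumes a CORS pre-flight happened: a request that skipped
    OPTIONS must still carry an allow-listed Origin and the anti-CSRF
    token bound to the session, otherwise it is rejected.
    Returns (accepted, reason).
    """
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    if h.get("origin") not in allowed_origins:
        return False, "origin missing or not allow-listed"
    # constant-time comparison so the token check itself leaks nothing
    if not hmac.compare_digest(h.get("x-csrf-token", ""), session_token):
        return False, "anti-CSRF token missing or wrong"
    return True, "ok"


if __name__ == "__main__":
    print("permissive policy open to any origin:", policy_allows_any_origin(PERMISSIVE_POLICY))
    print("strict policy open to any origin:", policy_allows_any_origin(STRICT_POLICY))
    forged = {"Cookie": "JSESSIONID=constructed"}  # cross-site request, no Origin/token
    print("forged request accepted:", is_trusted_request(forged, {"https://console.example"}, "tok"))
```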
Fix
CSRF
Affected Products
Nexpose InsightVM Security Console