PT-2021-19556 · Rapid7 · Rapid7 Nexpose

Reda El Hachloufi

Published

2021-08-19

Updated

2021-08-26

CVE-2021-31868

CVSS v2.0

5.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Rapid7 Nexpose versions 6.6.95 and earlier

Description: The issue allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing feature, regardless of the assignment of the ticket. This was resolved in version 6.6.96.

Recommendations: For versions 6.6.95 and earlier, update to version 6.6.96 or later to resolve the issue. As a temporary workaround, consider restricting access to the legacy ticketing feature in the Security Console until the update is applied.

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2021-31868

Affected Products

Rapid7 Nexpose

PT-2021-19556 · Rapid7 · Rapid7 Nexpose

CVE-2021-31868

Weakness Enumeration

Related Identifiers

Affected Products

References · 6