CVE-2021-3844

Name of the Vulnerable Software and Affected Versions Rapid7 InsightVM (affected versions not specified)

Description The issue arises from insufficient session expiration when an administrator makes a security-relevant edit to an existing, logged-on user. For instance, if a user's password is changed by an administrator due to a credential leak, the user account's current session remains valid after the password change. This could allow an attacker who initially compromised the credential to stay logged in and cause further damage.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.