Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-31868


Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing feature, regardless of the assignment of the ticket. This issue was resolved in version 6.6.96, released on August 4, 2021.


Published

2021-08-19T16:15:12.293

Last Modified

2024-11-21T06:06:23.437

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

8.0

Impact Score

4.9

Weaknesses
  • Type: Secondary
    CWE-306
  • Type: Primary
    CWE-306

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application rapid7 nexpose < 6.6.96 Yes

References