CVE-2021-31868
Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing feature, regardless of the assignment of the ticket. This issue was resolved in version 6.6.96, released on August 4, 2021.
Published
2021-08-19T16:15:12.293
Last Modified
2024-11-21T06:06:23.437
Status
Modified
Source
[email protected]
Severity
CVSSv3.1: 4.3 (MEDIUM)
CVSSv2 Vector
AV:N/AC:L/Au:S/C:P/I:P/A:N
- Access Vector: NETWORK
- Access Complexity: LOW
- Authentication: SINGLE
- Confidentiality Impact: PARTIAL
- Integrity Impact: PARTIAL
- Availability Impact: NONE
Exploitability Score
8.0
Impact Score
4.9
Weaknesses
- Type: Secondary, CWE-306
- Type: Primary, CWE-306
Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | rapid7 | nexpose | < 6.6.96 | Yes |
References