Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-6504

Rapid7 InsightVM Console versions below 6.6.260 suffer from a protection mechanism failure whereby an attacker with network access to the InsightVM Console can cause it to overload or crash by sending repeated invalid REST requests in a short timeframe, to the Console's port 443 causing the console to enter an exception handling logging loop, exhausting the CPU. There is no indication that an attacker can use this method to escalate privilege, acquire unauthorized access to data, or gain control of protected resources. This issue is fixed in version 6.6.261.

Published

2024-07-18T10:15:03.373

Last Modified

2024-11-21T09:49:46.237

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-693
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	rapid7	insightvm	< 6.6.261	Yes

References

https://docs.rapid7.com/release-notes/insightvm/20240717/ Vendor Advisory ([email protected])
https://docs.rapid7.com/release-notes/insightvm/20240717/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)