CVE-2019-5640
LOW
Rapid7 Nexpose < 6.6.114 - Unauthenticated Exposure of Sensitive Information via Browser Inspect Element
Title source: llm
Description
Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the browser's inspect element feature to remove the login panel and view the details available in the last webpage visited by the previous user.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://docs.rapid7.com/release-notes/nexpose/20211117/
Scores
CVSS v3
3.3
EPSS
0.0052
EPSS Percentile
40.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
rapid7/nexpose
< 6.6.114
Published
Nov 22, 2021
Tracked Since
Feb 18, 2026