CVE-2019-5630

Summary

A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS request.

Affected Software

VendorProductVersion RangeStatus
Rapid7Nexpose/InsightVM Security Console6.5.0 through 6.5.68affected

Weaknesses

  • Cross-Site Request Forgery

ADP Enrichment

CVE Program Container

Additional References

References