CVE-2021-31868

Summary

Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing feature, regardless of the assignment of the ticket. This issue was resolved in version 6.6.96, released on August 4, 2021.

Affected Software

VendorProductVersion RangeStatus
Rapid7Nexpose6.6.95 <= 6.6.95affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

ADP Enrichment

CVE Program Container

Additional References

References