Filtered by vendor Rapid7
Filtered by product Insight Platform
Total: 2 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-11401 | 1 Rapid7 | 1 Insight Platform | 2024-12-11 | N/A |
Rapid7 Insight Platform versions prior to November 13th 2024 suffer from a privilege escalation vulnerability: due to a lack of authorization checks, an attacker can update the password policy in the platform settings as a standard user by crafting an API request (this functionality was not possible through the platform's User Interface). This vulnerability has been fixed as of November 13th 2024. | | | | |
CVE-2024-8042 | 1 Rapid7 | 1 Insight Platform | 2024-09-17 | 2.4 Low |
Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect customer. This vulnerability is remediated as of August 14, 2024. | | | | |