CVE-2019-5640 — LOW (3.3) — White Hats Nepal

Q: How severe is CVE-2019-5640?

CVE-2019-5640 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-5640?

Check the references section above for vendor advisories and patch information. Affected products include: Rapid7 Nexpose.

Vulnerability Description

Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage visited by previous user

CVSS Score

3.3

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Rapid7	Nexpose	< 6.6.114

Related Weaknesses (CWE)

CWE-200

References

https://docs.rapid7.com/release-notes/nexpose/20211117/Vendor Advisory
https://docs.rapid7.com/release-notes/nexpose/20211117/Vendor Advisory

FAQ

What is CVE-2019-5640?

CVE-2019-5640 is a vulnerability with a CVSS score of 3.3 (LOW). Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature...

How severe is CVE-2019-5640?

CVE-2019-5640 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-5640?

Check the references section above for vendor advisories and patch information. Affected products include: Rapid7 Nexpose.