CVE-2021-3844 — MEDIUM (5.7)

Q: How severe is CVE-2021-3844?

CVE-2021-3844 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-3844?

Check the references section above for vendor advisories and patch information. Affected products include: Rapid7 Insightvm.

Vulnerability Description

Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user account's current session is still valid after the password change, potentially allowing the attacker who originally compromised the credential to remain logged in and able to cause further damage. This vulnerability is mitigated by the use of the Platform Login feature. This issue is related to CVE-2019-5638.

CVSS Score

5.7

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Rapid7	Insightvm	< 6.5.50

Related Weaknesses (CWE)

CWE-613

References

FAQ

What is CVE-2021-3844?

CVE-2021-3844 is a vulnerability with a CVSS score of 5.7 (MEDIUM). Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an...

How severe is CVE-2021-3844?

CVE-2021-3844 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-3844?

Check the references section above for vendor advisories and patch information. Affected products include: Rapid7 Insightvm.