Session Hijacking Vulnerability in Rapid7 Nexpose
CVE-2012-6494

6.1MEDIUM

Key Information:

Vendor: Rapid7
Status: Nexpose
Vendor: CVE Published:; 25 January 2020

What is CVE-2012-6494?

A session hijacking vulnerability present in Rapid7 Nexpose before version 5.5.4 allows remote attackers to intercept and take control of a user's active session. This security flaw can enable unauthorized access to sensitive data and resources, posing significant risks to organizations relying on findings and assessments generated by the affected product.

References

http://www.securityfocus.com/bid/57150

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/80982

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 25, 2020
Vulnerability Reserved
Jan 2, 2013