Strix
26.1K

CVE-2019-5640

MEDIUMCVSS 5.3/10EPSS 0.52%

Last modified

CVE-2019-5640 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage visited by previous user. EPSS estimates a 0.52% chance of exploitation in the next 30 days.

Description

Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage visited by previous user

Metrics

CVSS 3.1
5.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Probability
0.52%

40.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
Rapid7Nexpose< 6.6.114

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2019-5640?
Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage visited by previous user
How severe is CVE-2019-5640?
CVE-2019-5640 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 0.52% probability of exploitation in the next 30 days.
How do I fix CVE-2019-5640?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-5640?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST