Rapid7 InsightVM Security Console open redirect | CVE-2023-0681

NAME
__________
Rapid7 InsightVM Security Console open redirect

Platforms Affected:
Rapid7 InsightVM 6.6.178

Risk Level:
4.3

Exploitability:
Unproven

Consequences:
Gain Access

DESCRIPTION
__________

Rapid7 InsightVM could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in data/console/redirect component. An attacker could exploit this vulnerability using the page parameter to redirect a victim to arbitrary Web sites.

CVSS 3.0 Information
__________

Privileges Required:
None

User Interaction:
Required

Scope:
Unchanged

Access Vector:
Network

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

To keep up to date follow us on the below channels.

Tags: CVE, CVE-2023-0681, Gain Access

Rapid7 InsightVM Security Console open redirect | CVE-2023-0681

[CICADA3301] – Ransomware Victim: Johnson’s Nursery

Unlocking the Power of Virtual Private Networks

CISA: CISA Releases Three Industrial Control Systems Advisories

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: CISA and FBI Release Advisory on How Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications

You may have missed

[CICADA3301] – Ransomware Victim: Johnson’s Nursery

Unlocking the Power of Virtual Private Networks

CISA: CISA Releases Three Industrial Control Systems Advisories

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: CISA and FBI Release Advisory on How Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications