Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Rapid7 InsightVM Protection Mechanism Failure
Vulnerability Description
Rapid7 InsightVM Console versions below 6.6.260 suffer from a protection mechanism failure whereby an attacker with network access to the InsightVM Console can cause it to overload or crash by sending repeated invalid REST requests in a short timeframe, to the Console's port 443 causing the console to enter an exception handling logging loop, exhausting the CPU. There is no indication that an attacker can use this method to escalate privilege, acquire unauthorized access to data, or gain control of protected resources. This issue is fixed in version 6.6.261.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
Rapid7 InsightVM 安全漏洞
Vulnerability Description
Rapid7 InsightVM是美国Rapid7公司的一款漏洞扫描和管理应用程序。 Rapid7 InsightVM 6.6.260之前版本存在安全漏洞,该漏洞源于存在保护机制故障,攻击者可以通过发送无效的REST请求来导致控制台过载或崩溃。
CVSS Information
N/A
Vulnerability Type
N/A