Forced Browsing Vulnerability in Rapid7 Nexpose Versions 6.6.186 and Below

Forced Browsing Vulnerability in Rapid7 Nexpose Versions 6.6.186 and Below

CVE-2023-1699 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability.  This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. This vulnerability is fixed in version 6.6.187.  

Learn more about our Api Penetration Testing.