CVE-2022-0757 in Nexposeinfo

Summary

by MITRE • 03/18/2022

Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow an attacker to manipulate the &quot;ANY&quot; and &quot;OR&quot; operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

Rapid7, Inc.

Reservation

02/24/2022

Disclosure

03/18/2022

Moderation

accepted

Entry

VDB-195411

CPE

ready

CWE

CWE-89 (confirmed)

CVSS

5.5 (CNA)

EPSS

0.01183

KEV

Activities

very low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2022-0757
NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-0757
CVE Details	https://www.cvedetails.com/cve/CVE-2022-0757/

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!