Security Advisory

CVE-2022-0757

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-03-17 22:30:18

Last updated 2024-09-16 17:48:14

Assigner rapid7

State PUBLISHED

Description

Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticated attacker to manipulate the "ANY" and "OR" operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129.

← Browse all CVEs View on cve.org ↗