What the vulnerability does

01Description

Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack.

Key dates

02Disclosure timeline

December 14, 2017 CVE published
August 5, 2024 Record updated

Related vulnerabilities

04Related CVE