CVE-2023-1699 MEDIUM

CVE-2023-1699: Rapid7 Nexpose Forced Browsing

Vendor: Rapid7
Product: Nexpose
Weakness: CWE-425 · Forced browsing
Published: March 30, 2023
Last update: February 11, 2025

CVSS base score

4.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: Low
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. This vulnerability is fixed in version 6.6.187.

Key dates

02 Disclosure timeline

March 30, 2023: CVE published
February 11, 2025: Record updated