CNNVD-202602-392 Information
CNNVD ID
CNNVD-202602-392
Related CVE
- CNNVD Published: 2026-02-03
Description (Chinese)
Rapid7 InsightVM是美国Rapid7公司的一款漏洞扫描和管理应用程序。 Rapid7 InsightVM 8.34.0之前版本存在安全漏洞,该漏洞源于断言消费者服务云端点的签名验证问题,可能导致攻击者未经授权访问通过安全控制台安装设置的InsightVM账户,造成账户接管。
Description (English)
Rapid7 InsightVM is a leak-scanting and management application of the United States company Rapid7. The security gap in the pre-Rapid7 InsightVM 8.34.0 version stems from the problem of authentication of the signature of the asserted cloud endpoint of the consumer service, which could lead to unauthorized access by the assailants to the InsightVM account installed through the security control counter, causing the account to be taken over.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Rapid7
Published
2026-02-03
Last Modified
2026-02-24
References
https://docs.rapid7.com/insight/command-platform-release-notes/ https://access.redhat.com/security/cve/cve-2026-1568
Patch
https://www.rapid7.com/products/insightvm/
Share on: