CVE-2023-1699 Information

Description

Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. This vulnerability is fixed in version 6.6.187.

Reference

https://docs.rapid7.com/release-notes/nexpose/20230329/