SQL injection in Rapid7 Nexpose



Published: 2020-10-17
Risk: Medium
Patch available: Yes
Number of vulnerabilities: 1
CVE ID: CVE-2020-7383
CWE ID: CWE-89
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Nexpose (Web applications / Other software)

Vendor: Rapid7

Security Advisory

This security advisory describes one medium-risk vulnerability.

1) SQL injection

Risk: Medium

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-7383

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary SQL queries against the database.

The vulnerability exists due to insufficient sanitization of user-supplied data within the Security Console. A remote authenticated user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete or modify data in the database and gain complete control over the affected application.
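The defect class the advisory names, CWE-89, comes down to building SQL text out of request data instead of binding it as a parameter. The following is an added illustration of that pattern and its fix, not Nexpose code: the advisory does not describe the affected query, so the `assets` table, its columns and the per-user scoping are assumptions, and the sample rows are constructed.

```python
import sqlite3
from typing import List, Tuple

# Constructed sample data (assumed schema, not Nexpose's): each row is
# visible only to the user named in `owner`.
ASSETS = [
    ("alice", "web-01"),
    ("alice", "web-02"),
    ("bob", "db-01"),
    ("carol", "hr-fileserver"),
]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE assets (owner TEXT NOT NULL, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO assets VALUES (?, ?)", ASSETS)
    return conn


def search_vulnerable(conn: sqlite3.Connection, user: str, term: str) -> List[str]:
    """CWE-89: the search term is spliced into the SQL text, so quote
    characters in it are parsed as SQL rather than matched as data. The
    owner filter that should scope results to `user` is then just text
    the term can neutralise."""
    sql = ("SELECT name FROM assets WHERE owner = '" + user + "' "
           "AND name LIKE '" + term + "%'")
    return [row[0] for row in conn.execute(sql)]


def search_hardened(conn: sqlite3.Connection, user: str, term: str) -> List[str]:
    """Fix: bind both values. The driver passes them as data, so the term
    is compared literally against `name` and cannot alter the query."""
    sql = "SELECT name FROM assets WHERE owner = ? AND name LIKE ? || '%'"
    return [row[0] for row in conn.execute(sql, (user, term))]


def demo(term: str) -> Tuple[List[str], List[str]]:
    """Run the same term through both versions as the user 'bob'."""
    conn = make_db()
    return (sorted(search_vulnerable(conn, "bob", term)),
            sorted(search_hardened(conn, "bob", term)))


if __name__ == "__main__":
    print("benign term  :", demo("db"))
    # A term that closes the quoted string and adds an always-true clause:
    # the vulnerable query returns every owner's rows (the "read data"
    # impact the advisory describes), the hardened one matches nothing.
    print("injected term:", demo("' OR 'a' LIKE 'a"))
```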

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Nexpose: 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.3.14, 6.3.15, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.4.11, 6.4.12, 6.4.13, 6.4.14, 6.4.15, 6.4.16, 6.4.17, 6.4.18, 6.4.19, 6.4.20, 6.4.21, 6.4.22, 6.4.23, 6.4.24, 6.4.25, 6.4.26, 6.4.27, 6.4.28, 6.4.29, 6.4.30, 6.4.31, 6.4.32, 6.4.33, 6.4.34, 6.4.35, 6.4.36, 6.4.37, 6.4.38, 6.4.39, 6.4.40, 6.4.41, 6.4.42, 6.4.43, 6.4.44, 6.4.45, 6.4.46, 6.4.47, 6.4.48, 6.4.49, 6.4.50, 6.4.51, 6.4.52, 6.4.53, 6.4.54, 6.4.55, 6.4.56, 6.4.57, 6.4.58, 6.4.59, 6.4.60, 6.4.61, 6.4.62, 6.4.63, 6.4.64, 6.4.65, 6.4.66, 6.4.67, 6.5.0, 6.5.1, 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.5.10, 6.5.11, 6.5.12, 6.5.13, 6.5.14, 6.5.15, 6.5.16, 6.5.17, 6.5.18, 6.5.19, 6.5.20, 6.5.21, 6.5.22, 6.5.23, 6.5.24, 6.5.25, 6.5.26, 6.5.27, 6.5.28, 6.5.29, 6.5.30, 6.5.31, 6.5.32, 6.5.33, 6.5.34, 6.5.35, 6.5.36, 6.5.37, 6.5.38, 6.5.39, 6.5.40, 6.5.41, 6.5.42, 6.5.43, 6.5.44, 6.5.45, 6.5.46, 6.5.47, 6.5.48, 6.5.49, 6.5.50, 6.5.51, 6.5.52, 6.5.53, 6.5.54, 6.5.55, 6.5.56, 6.5.57, 6.5.58, 6.5.59, 6.5.60, 6.5.61, 6.5.62, 6.5.63, 6.5.64, 6.5.65, 6.5.66, 6.5.67, 6.5.68, 6.5.69, 6.5.70, 6.5.71, 6.5.72, 6.5.73, 6.5.74, 6.5.75, 6.5.76, 6.5.77, 6.5.78, 6.5.79, 6.5.80, 6.5.81, 6.5.82, 6.5.83, 6.5.84, 6.5.85, 6.5.86, 6.5.87, 6.5.88, 6.5.89, 6.5.90, 6.5.91, 6.5.92, 6.5.93, 6.5.94, 6.5.95, 6.5.96, 6.5.97, 6.5.98, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12, 6.6.13, 6.6.14, 6.6.15, 6.6.16, 6.6.17, 6.6.18, 6.6.19, 6.6.20, 6.6.21, 6.6.22, 6.6.23, 6.6.24, 6.6.25, 6.6.26, 6.6.27, 6.6.28, 6.6.29, 6.6.30, 6.6.31, 6.6.32, 6.6.33, 6.6.34, 6.6.35, 6.6.36, 6.6.37, 6.6.38, 6.6.39, 6.6.40, 6.6.41, 6.6.42, 6.6.43, 6.6.44, 6.6.45, 6.6.46, 6.6.47, 6.6.48

External links

https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.49

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
