{"containers": {"cna": {"affected": [{"product": "InsightVM", "vendor": "Rapid7", "versions": [{"lessThanOrEqual": "6.6.160", "status": "affected", "version": "6.6.160", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Ashutosh Barot reported this vulnerability to Rapid7"}], "datePublic": "2022-08-30T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Information Exposure", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-21T14:45:14.000Z", "orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://docs.rapid7.com/release-notes/insightvm/20220830/"}], "source": {"discovery": "UNKNOWN"}, "title": "Rapid7 InsightVM Information Disclosure after Logout", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "", "ASSIGNER": "cve@rapid7.com", "DATE_PUBLIC": "2022-08-30T09:00:00.000Z", "ID": "CVE-2019-5641", "STATE": "PUBLIC", "TITLE": "Rapid7 InsightVM Information Disclosure after Logout"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "InsightVM", "version": {"version_data": [{"platform": "", "version_affected": "<=", "version_name": "6.6.160", "version_value": "6.6.160"}]}}]}, "vendor_name": "Rapid7"}]}}, "configuration": [], "credit": [{"lang": "eng", "value": "Ashutosh Barot reported this vulnerability to Rapid7"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user"}]}, "exploit": [], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200 Information Exposure"}]}]}, "references": {"reference_data": [{"name": "https://docs.rapid7.com/release-notes/insightvm/20220830/", "refsource": "CONFIRM", "url": "https://docs.rapid7.com/release-notes/insightvm/20220830/"}]}, "solution": [], "source": {"advisory": "", "defect": [], "discovery": "UNKNOWN"}, "work_around": []}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:01:52.221Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://docs.rapid7.com/release-notes/insightvm/20220830/"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-27T18:41:24.403832Z", "id": "CVE-2019-5641", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-29T18:28:29.705Z"}}]}, "cveMetadata": {"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "assignerShortName": "rapid7", "cveId": "CVE-2019-5641", "datePublished": "2022-09-21T14:45:14.786Z", "dateReserved": "2019-01-07T00:00:00.000Z", "dateUpdated": "2025-05-29T18:28:29.705Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://docs.rapid7.com/release-notes/insightvm/20220830/", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:01:52.221Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-5641", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-27T18:41:24.403832Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-27T18:41:42.893Z"}}], "cna": {"title": "Rapid7 InsightVM Information Disclosure after Logout", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "value": "Ashutosh Barot reported this vulnerability to Rapid7"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Rapid7", "product": "InsightVM", "versions": [{"status": "affected", "version": "6.6.160", "versionType": "custom", "lessThanOrEqual": "6.6.160"}]}], "datePublic": "2022-08-30T00:00:00.000Z", "references": [{"url": "https://docs.rapid7.com/release-notes/insightvm/20220830/", "tags": ["x_refsource_CONFIRM"]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Information Exposure"}]}], "providerMetadata": {"orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7", "dateUpdated": "2022-09-21T14:45:14.000Z"}, "x_legacyV4Record": {"credit": [{"lang": "eng", "value": "Ashutosh Barot reported this vulnerability to Rapid7"}], "impact": {"cvss": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, "source": {"defect": [], "advisory": "", "discovery": "UNKNOWN"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"platform": "", "version_name": "6.6.160", "version_value": "6.6.160", "version_affected": "<="}]}, "product_name": "InsightVM"}]}, "vendor_name": "Rapid7"}]}}, "exploit": [], "solution": [], "data_type": "CVE", "generator": {"engine": "Vulnogram 0.0.9"}, "references": {"reference_data": [{"url": "https://docs.rapid7.com/release-notes/insightvm/20220830/", "name": "https://docs.rapid7.com/release-notes/insightvm/20220830/", "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200 Information Exposure"}]}]}, "work_around": [], "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-5641", "AKA": "", "STATE": "PUBLIC", "TITLE": "Rapid7 InsightVM Information Disclosure after Logout", "ASSIGNER": "cve@rapid7.com", "DATE_PUBLIC": "2022-08-30T09:00:00.000Z"}, "configuration": []}}}, "cveMetadata": {"cveId": "CVE-2019-5641", "state": "PUBLISHED", "dateUpdated": "2025-05-29T18:28:29.705Z", "dateReserved": "2019-01-07T00:00:00.000Z", "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "datePublished": "2022-09-21T14:45:14.786Z", "assignerShortName": "rapid7"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rapid7:insightvm:*:*:*:*:*:*:*:*", "matchCriteriaId": "92D55F81-2863-4161-A9BE-D9845CEA085F", "versionEndIncluding": "6.6.160", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user"}, {"lang": "es", "value": "Rapid7 InsightVM sufre un problema de exposici\u00f3n de informaci\u00f3n por el que, cuando la sesi\u00f3n del usuario ha finalizado por inactividad, un atacante puede usar la funci\u00f3n del navegador Inspect Element para eliminar el panel de acceso y visualizar los detalles disponibles en la \u00faltima p\u00e1gina web visitada por el usuario anterior"}], "id": "CVE-2019-5641", "lastModified": "2024-11-21T04:45:17.407", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cve@rapid7.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-21T15:15:10.243", "references": [{"source": "cve@rapid7.com", "tags": ["Vendor Advisory"], "url": "https://docs.rapid7.com/release-notes/insightvm/20220830/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://docs.rapid7.com/release-notes/insightvm/20220830/"}], "sourceIdentifier": "cve@rapid7.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "cve@rapid7.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-613"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}