CVE-2023-1699

Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability.  This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. This vulnerability is fixed in version 6.6.187. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt