Security Announcement

• CVE-2019-5641, an information disclosure vulnerability with a CVSSv3 score of 1.6 has been discovered in InsightVM. This issue could potentially allow an attacker with remote or physical access to view InsightVM information when a user’s session ends due to inactivity. See our 2017 blog post  for our mitigation philosophy regarding post-authentication vulnerabilities. Special thanks to Ashutosh Barot for reporting this issue to Rapid7.