Skip to Content

Aug 30, 2022

Read our security announcement about a low risk information disclosure issue in InsightVM browser sessions.

Security Announcement

  • CVE-2019-5641, an information disclosure vulnerability with a CVSSv3 score of 1.6 has been discovered in InsightVM. This issue could potentially allow an attacker with remote or physical access to view InsightVM information when a user’s session ends due to inactivity. See our 2017 blog post for our mitigation philosophy regarding post-authentication vulnerabilities. Special thanks to Ashutosh Barot for reporting this issue to Rapid7.