Nov 17, 2021
6.6.114

Fixed

  • Hostnames are no longer prevented from correctly mapping against IP addresses for CyberArk Dynamic requests.
  • Rule 2.3.10.1 in the Center for Internet Security (CIS) Microsoft Windows 10 Enterprise Release 20H2 benchmark version 1.10.1 no longer shows incorrect rule failures.

Security Updates

  • We fixed CVE-2019-5640, an information disclosure vulnerability affecting Nexpose. After a user’s session ended due to inactivity, an attacker with remote access could have used the browser’s inspect feature to view the details available in the last page the user visited, and so gain user information. This issue affects all Security Console versions up to and including 6.6.113. If your Security Console is within this affected version range, update it to the latest version. Special thanks to Ashutosh Barot for reporting this issue to Rapid7.