Rapid7 Metasploit 4.16.0 20190722 Pro Edition
Approved changes feed: RSS · Atom
cpe:2.3:a:rapid7:metasploit:4.16.0:20190722:*:*:pro:*:*:*
part: a version: 4.16.0 update: 20190722
| Vendor | Rapid7 (d570a41c-9d2a-5057-8a47-227f116734f8) |
|---|---|
| Product | Metasploit (18f6b95a-9ee1-54c6-a236-06556391475c) |
| Edition | * |
| Language | * |
| Software edition | pro |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:bitbucket/cfield/metasploit-framework |
purl2cpe | 2026-06-01 10:11:01.552676 |
pkg:gem/metasploit-framework |
purl2cpe | 2026-06-01 10:11:01.552677 |
pkg:github/rapid7/metasploit-framework |
purl2cpe | 2026-06-01 10:11:01.552679 |
pkg:gitlab/kalilinux/metasploit-framework |
purl2cpe | 2026-06-01 10:11:01.552680 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2019-5642 |
vulnerable | 2026-06-03 14:40:35.895382 |
MAGICK
LOW (3.3)
Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface.
Published: 2019-11-06T18:30:42.787Z
Updated: 2024-09-17T04:24:03.024Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.