CVE-2019-5615: Credentials Leak in Rapid7 InsightVM
Platform
other
Component
rapid7-insightvm
Fixed in
6.5.50
6.5.11*
CVE-2019-5615 affects Rapid7 InsightVM versions 6.5.11 through 6.5.49. This vulnerability allows users with Site-level permissions to access files containing sensitive information, including username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passwords. While decryption and privilege escalation require additional steps, the exposure of these credentials poses a significant security risk. A fix is available in version 6.5.50.
Impact and Attack Scenarios
The primary impact of CVE-2019-5615 lies in the potential exposure of administrator credentials. An attacker with Site-level access could obtain encrypted passwords and backup salts. While these are not immediately usable, successful decryption would grant the attacker access to the Security Console as a Global Administrator, enabling them to modify system configurations, add or remove users, and potentially compromise the entire InsightVM deployment. The ability to access backup passwords also presents a risk of unauthorized data recovery or modification. The vulnerability's LOW CVSS score reflects the requirement for additional steps beyond initial access to exploit it fully.
Exploitation Context
CVE-2019-5615 was publicly disclosed on April 9, 2019. There is no indication of active exploitation or KEV listing at the time of this writing. Public proof-of-concept code is not readily available, suggesting a relatively low exploitation probability. The vulnerability's impact is contingent on an attacker already possessing Site-level access within the InsightVM environment.
Threat Intelligence
EPSS
0.30% (53rd percentile)
CVSS Vector
- Attack Vector: Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
- Attack Complexity: High — requires a race condition, non-default configuration, or specific circumstances. Harder to exploit reliably.
- Privileges Required: Low — any valid user account is sufficient. Basic authenticated access required.
- User Interaction: None — attack is automatic and silent. Victim does nothing: no click, no file open.
- Scope: Unchanged — impact is limited to the vulnerable component itself.
- Confidentiality: Low — partial or indirect data access. Attacker gains limited information.
- Integrity: None — no integrity impact. Attacker cannot modify data.
- Availability: None — no availability impact. Service remains fully operational.
Timeline
- Reserved
- Published
- Modified
- EPSS updated
Mitigation and Workarounds
The primary mitigation for CVE-2019-5615 is to upgrade Rapid7 InsightVM to version 6.5.50 or later. Before upgrading, take a full backup of the InsightVM system so that you can roll back if necessary. Review Site-level permissions and restrict them to the users who actually require them. Consider enabling multi-factor authentication (MFA) for administrator accounts so that a leaked credential alone is not enough to log in. After upgrading, confirm the fix by verifying that the sensitive files are no longer accessible to Site-level users.
How to fix
Update Rapid7 InsightVM to version 6.5.50 or later. This update corrects the stored credential exposure vulnerability. See the release notes for 6.5.50 on the Rapid7 website for more details.
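As an added example (not code from the advisory or from Rapid7), the following Python script classifies InsightVM console versions against the affected range stated above (6.5.11 through 6.5.49, fixed in 6.5.50). It assumes console versions are plain dotted integers; the hostnames and version strings in the inventory are constructed sample data. The point it makes beyond the text is that version components must be compared numerically, since a string comparison ranks "6.5.9" above "6.5.11" and would mis-triage hosts.

```python
"""Version-range triage for CVE-2019-5615 (Rapid7 InsightVM).

Added example, not code from the advisory or from Rapid7. It assumes
InsightVM console versions are plain dotted integers (e.g. "6.5.49");
the hostnames and versions in INVENTORY are constructed sample data.
"""

from typing import Dict, List, Tuple

# Affected range stated in the advisory: 6.5.11 through 6.5.49, fixed in 6.5.50.
AFFECTED_FIRST = (6, 5, 11)
FIXED_IN = (6, 5, 50)

# Constructed sample inventory of console hosts and their reported versions.
INVENTORY: List[Tuple[str, str]] = [
    ("console-a.example.internal", "6.5.9"),    # older than the affected range
    ("console-b.example.internal", "6.5.11"),   # first affected release
    ("console-c.example.internal", "6.5.49"),   # last affected release
    ("console-d.example.internal", "6.5.50"),   # fixed release
    ("console-e.example.internal", "6.6.2"),    # later release
]


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn "6.5.49" into (6, 5, 49) so components compare numerically.

    Plain string comparison gets this wrong ("6.5.9" > "6.5.11" as text),
    which is a common defect in hand-rolled version checks.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """True when the version lies in [6.5.11, 6.5.50)."""
    v = parse_version(version)
    return AFFECTED_FIRST <= v < FIXED_IN


def triage(inventory: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Split hosts into those needing the 6.5.50 upgrade and those that do not.

    Unparseable versions are reported separately rather than silently
    treated as safe.
    """
    report: Dict[str, List[str]] = {"upgrade": [], "ok": [], "unknown": []}
    for host, version in inventory:
        try:
            bucket = "upgrade" if is_affected(version) else "ok"
        except ValueError:
            bucket = "unknown"
        report[bucket].append(host)
    return report


if __name__ == "__main__":
    for bucket, hosts in triage(INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts in the "upgrade" bucket need the 6.5.50 (or later) update; hosts in "unknown" reported a version the script could not parse and should be checked by hand rather than assumed safe.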
Frequently asked questions
What is CVE-2019-5615 — Credentials Leak in Rapid7 InsightVM?
CVE-2019-5615 is a vulnerability in Rapid7 InsightVM versions 6.5.11–6.5.49 that allows Site-level users to access files containing encrypted administrator passwords and backup salts.
Am I affected by CVE-2019-5615 in Rapid7 InsightVM?
If you are running Rapid7 InsightVM version 6.5.11 through 6.5.49, you are potentially affected by this vulnerability.
How do I fix CVE-2019-5615 in Rapid7 InsightVM?
Upgrade Rapid7 InsightVM to version 6.5.50 or later to remediate this vulnerability. Back up your system before upgrading.
Is CVE-2019-5615 being actively exploited?
There is currently no evidence of active exploitation of CVE-2019-5615.
Where can I find the official Rapid7 advisory for CVE-2019-5615?
Refer to the Rapid7 security advisory for detailed information and mitigation steps: https://www.rapid7.com/blog/post/2019-04-09-insightvm-credentials-leak/