These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2017-5235 is a DLL preloading issue affecting Rapid7 Metasploit Pro installers. According to the CVE description, an attacker could place a malicious DLL in the installer’s current working directory and influence what the installer loads. NVD rates the issue HIGH with CVSS 3.0 7.8, reflecting the potential for local code execution when a user runs the installer. Rapid7’s advisory references a fixed in [truncated]
CVE-2017-5234 affects Rapid7 Insight Collector installers prior to 1.0.16. The NVD record states that the installer may load a malicious DLL from its current working directory, which can lead to code execution when a user runs the installer. NVD rates the issue HIGH with CVSS 7.8, and the CVE was published on 2017-03-02.
CVE-2017-5233 is a DLL preloading issue in Rapid7 AppSpider Pro installers before version 6.14.053. If the installer is launched from a directory containing a malicious DLL, it may load that DLL instead of the intended library. The risk is highest during installation, where a local attacker or a user working from an untrusted directory could influence code execution.
CVE-2017-5232 is a DLL preloading weakness in Rapid7 Nexpose installers affecting versions prior to 6.4.24. If the installer is launched from a directory containing a malicious DLL with a name the installer resolves, it may load that file during installation. The issue was publicly disclosed on 2017-03-02 and carries a high CVSS 3.0 score because successful abuse can impact confidentiality, integrity, and [truncated]
CVE-2017-5231 is a directory traversal issue in Rapid7 Metasploit’s Meterpreter stdapi CommandDispatcher.cmd_download() function. A specially crafted Meterpreter build can write to an arbitrary directory on the Metasploit console using the permissions of the running Metasploit instance. The CVSS severity is HIGH (7.1). The CVE was published on 2017-03-02 and later modified by NVD on 2026-05-13.
CVE-2017-5230 affects Rapid7 Nexpose versions prior to 6.4.50. The issue is that the Java keystore used to store saved scan credentials is protected by a static password that users cannot change, weakening the security of credentials intended to be stored on disk. Rapid7’s release notes point to 6.4.50 as the fixed version, and the NVD entry classifies the weakness as CWE-798 (Use of Hard-coded Credentials).
CVE-2017-5229 is a high-severity directory traversal issue in Rapid7 Metasploit’s Meterpreter extapi Clipboard.parse_dump() path handling. A specially crafted Meterpreter build could cause the Metasploit console to write into an arbitrary directory with the privileges of the running instance. The vulnerability was published on 2017-03-02; NVD later updated the record on 2026-05-13.
CVE-2017-5228 is a directory traversal flaw in Rapid7 Metasploit's Meterpreter stdapi Dir.download() function. Per the CVE description, an attacker using a specially crafted Meterpreter build can write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance. The issue was published on 2017-03-02 and carries a HIGH severity rating. Defensive focus should [truncated]