Filtered by vendor Tenable
Subscriptions
Filtered by product Tenable.sc
Subscriptions
Total
46 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0130 | 1 Tenable | 1 Tenable.sc | 2024-08-02 | 8.1 High |
| Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could allow a remote, unauthenticated attacker to execute code under special circumstances. An attacker would first have to stage a specific file type in the web server root of the Tenable.sc host prior to remote exploitation. | ||||
| CVE-2023-24493 | 1 Tenable | 1 Tenable.sc | 2024-08-02 | 5.7 Medium |
| A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could leverage the reporting system to export reports containing formulas, which would then require a victim to approve and execute on a host. | ||||
| CVE-2023-24495 | 1 Tenable | 1 Tenable.sc | 2024-08-02 | 6.5 Medium |
| A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly. | ||||
| CVE-2023-24494 | 1 Tenable | 1 Tenable.sc | 2024-08-02 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session. | ||||
| CVE-2023-0524 | 1 Tenable | 3 Nessus, Tenable.io, Tenable.sc | 2024-08-02 | 8.8 High |
| As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue and also made several defense-in-depth fixes alongside. While the probability of successful exploitation is low, Tenable is committed to securing our customers’ environments and our products. The updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202212212055. | ||||
| CVE-2023-0476 | 1 Tenable | 1 Tenable.sc | 2024-08-02 | 6.5 Medium |
| A LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could generate data in Active Directory using the application account through blind LDAP injection. | ||||