cpe:2.3:a:tenable:tenable.sc:5.23.1:*:*:*:*:*:*:*
A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly.
Max CVSS: 6.5 | EPSS Score: 0.08% | Published: 2023-01-26 | Updated: 2023-02-06
A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this by convincing a user to click a specially crafted URL to execute arbitrary script code in a user's browser session.
Max CVSS: 5.4 | EPSS Score: 0.06% | Published: 2023-01-26 | Updated: 2023-02-02
A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could leverage the reporting system to export reports containing formulas, which would then require a victim to approve and execute on a host.
Max CVSS: 5.7 | EPSS Score: 0.06% | Published: 2023-01-26 | Updated: 2023-02-02
An LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could generate data in Active Directory using the application account through blind LDAP injection.
Max CVSS: 6.5 | EPSS Score: 0.05% | Published: 2023-01-26 | Updated: 2023-02-06
4 vulnerabilities found