Vulnerabilities > Tenable

DATE CVE VULNERABILITY TITLE RISK
2023-01-26 CVE-2023-0476 Injection vulnerability in Tenable Tenable.Sc
A LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users.
network
low complexity
tenable CWE-74
6.5
2023-01-26 CVE-2023-24493 Improper Input Validation vulnerability in Tenable Tenable.Sc
A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users.
network
low complexity
tenable CWE-20
5.7
2023-01-26 CVE-2023-24494 Cross-site Scripting vulnerability in Tenable Tenable.Sc
A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users.
network
low complexity
tenable CWE-79
5.4
2023-01-26 CVE-2023-24495 Server-Side Request Forgery (SSRF) vulnerability in Tenable Tenable.Sc
A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data.
network
low complexity
tenable CWE-918
6.5
2023-01-20 CVE-2023-0101 Improper Privilege Management vulnerability in Tenable Nessus
A privilege escalation vulnerability was identified in Nessus versions 8.10.1 through 8.15.8 and 10.0.0 through 10.4.1.
network
low complexity
tenable CWE-269
8.8
2022-10-31 CVE-2022-3499 Information Exposure Through Log Files vulnerability in Tenable Nessus
An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present.
network
low complexity
tenable CWE-532
6.5
2022-10-25 CVE-2022-33757 Improper Privilege Management vulnerability in Tenable Nessus
An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so.
network
low complexity
tenable CWE-269
6.5
2022-10-17 CVE-2022-28291 Insufficiently Protected Credentials vulnerability in Tenable Nessus
Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping.
network
low complexity
tenable CWE-522
6.5
2022-06-21 CVE-2022-32973 Unspecified vulnerability in Tenable Nessus
An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges.
network
low complexity
tenable
critical
9.0
2022-06-21 CVE-2022-32974 Unspecified vulnerability in Tenable Nessus
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials.
network
low complexity
tenable
4.0