Vulnerabilities > Tenable
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-26 | CVE-2023-24493 | Improper Input Validation vulnerability in Tenable Tenable.Sc. A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. | 5.7 |
2023-01-26 | CVE-2023-24494 | Cross-site Scripting vulnerability in Tenable Tenable.Sc. A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. | 5.4 |
2023-01-26 | CVE-2023-24495 | Server-Side Request Forgery (SSRF) vulnerability in Tenable Tenable.Sc. A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. | 6.5 |
2023-01-20 | CVE-2023-0101 | Improper Privilege Management vulnerability in Tenable Nessus. A privilege escalation vulnerability was identified in Nessus versions 8.10.1 through 8.15.8 and 10.0.0 through 10.4.1. | 8.8 |
2022-10-31 | CVE-2022-3499 | Information Exposure Through Log Files vulnerability in Tenable Nessus. An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present. | 6.5 |
2022-10-25 | CVE-2022-33757 | Unspecified vulnerability in Tenable Nessus. An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. | 6.5 |
2022-10-17 | CVE-2022-28291 | Insufficiently Protected Credentials vulnerability in Tenable Nessus. Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. | 6.5 |
2022-06-21 | CVE-2022-32973 | Unspecified vulnerability in Tenable Nessus. An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges. | 8.8 |
2022-06-21 | CVE-2022-32974 | Unspecified vulnerability in Tenable Nessus. An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials. | 6.5 |
2022-04-13 | CVE-2022-24828 | Argument Injection or Modification vulnerability in multiple products. Composer is a dependency manager for the PHP programming language. | 8.8 |