Vulnerabilities > Tenable > Tenable SC > 5.21.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-26 | CVE-2023-0476 | Injection vulnerability in Tenable Tenable.Sc A LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. | 6.5 |
| 2023-01-26 | CVE-2023-24493 | Improper Input Validation vulnerability in Tenable Tenable.Sc A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. | 5.7 |
| 2023-01-26 | CVE-2023-24494 | Cross-site Scripting vulnerability in Tenable Tenable.Sc A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. | 5.4 |
| 2023-01-26 | CVE-2023-24495 | Server-Side Request Forgery (SSRF) vulnerability in Tenable Tenable.Sc A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. | 6.5 |
| 2021-12-20 | CVE-2021-44224 | NULL Pointer Dereference vulnerability in multiple products A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). | 8.2 |