VYPR
Get started
← All advisories
Critical severity9.8NVD Advisory· Published Apr 21, 2017· Updated May 13, 2026

CVE-2017-8051

CVE-2017-8051

Description

Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands.

Affected products

11
  • Tenable/Appliance11 versions
    cpe:2.3:a:tenable:appliance:3.10.0:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:tenable:appliance:3.10.0:*:*:*:*:*:*:*
    • cpe:2.3:a:tenable:appliance:3.10.1:*:*:*:*:*:*:*
    • cpe:2.3:a:tenable:appliance:3.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:tenable:appliance:3.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:tenable:appliance:3.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:tenable:appliance:4.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:tenable:appliance:4.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:tenable:appliance:4.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:tenable:appliance:4.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:tenable:appliance:4.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:tenable:appliance:4.4.0:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.