Securitycenter
by Tenable
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-2630 | | High | 0.57 | 8.8 | 0.01 | | Feb 17, 2026 | A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted. |
| CVE-2018-1154 | | High | 0.57 | 8.8 | 0.01 | | Aug 2, 2018 | In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. Server response output has been unified to correct this… |
| CVE-2017-11508 | | High | 0.57 | 8.8 | 0.01 | | Nov 2, 2017 | SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the… |
| CVE-2026-2697 | | Med | 0.41 | 6.3 | 0.00 | | Feb 23, 2026 | An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter. |
| CVE-2018-1155 | | Med | 0.35 | 5.4 | 0.01 | | Aug 2, 2018 | In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to… |
| CVE-2025-36636 | | Med | 0.28 | 4.3 | 0.00 | | Oct 8, 2025 | In Tenable Security Center versions prior to 6.7.0, an improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope. |
| CVE-2024-12174 | | Low | 0.18 | 2.7 | 0.00 | | Dec 9, 2024 | An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept email messages sent from Security Center via a rogue SMTP server. |
| CVE-2007-2584 | | | 0.04 | — | 0.10 | | May 10, 2007 | Buffer overflow in the IsOldAppInstalled function in the McSubMgr.McSubMgr Subscription Manager ActiveX control (MCSUBMGR.DLL) in McAfee SecurityCenter before 6.0.25 and 7.x before 7.2.147 allows remote attackers to execute arbitrary code via a crafted argument. |
| CVE-2026-2698 | | | 0.00 | — | 0.00 | | Feb 23, 2026 | An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope. |
| CVE-2024-5759 | | | 0.00 | — | 0.00 | | Jun 12, 2024 | An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges. |
| CVE-2024-1891 | | | 0.00 | — | 0.00 | | Jun 12, 2024 | A stored cross site scripting vulnerability exists in Tenable Security Center where an authenticated, remote attacker could inject HTML code into a web application scan result page. |
| CVE-2024-1471 | | | 0.00 | — | 0.00 | | Feb 14, 2024 | An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters, which could lead to HTML redirection attacks. |
| CVE-2024-1367 | | | 0.00 | — | 0.02 | | Feb 14, 2024 | A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the Security Center host. |
| CVE-2023-2005 | | | 0.00 | — | 0.00 | | Jun 26, 2023 | Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center. This issue affects Tenable.Io: before Plugin Feed ID #202306261202; Nessus: before Plugin Feed ID #202306261202; Security Center: before Plugin Feed ID #202306261202. This vulnerability could allow… |
| CVE-2013-5911 | | | 0.00 | — | 0.01 | | Sep 24, 2013 | Cross-site scripting (XSS) vulnerability in devform.php in Tenable SecurityCenter 4.6 through 4.7 allows remote attackers to inject arbitrary web script or HTML via the message parameter. |