VYPR

Tenable.sc

by Tenable

CVEs (12)

  • CVE-2021-3712 | High | Aug 24, 2021
    risk 0.41 | cvss 7.4 | epss 0.50

    ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is…

  • CVE-2026-4433 | Low | Mar 24, 2026
    risk 0.12 | cvss | epss 0.00

    An SSH misconfiguration exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information…

  • CVE-2023-2005 | Jun 26, 2023
    risk 0.00 | cvss | epss 0.00

    Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center. This issue affects Tenable.Io: before Plugin Feed ID #202306261202; Nessus: before Plugin Feed ID #202306261202; Security Center: before Plugin Feed ID #202306261202. This vulnerability could allow…

  • CVE-2023-0524 | Feb 1, 2023
    risk 0.00 | cvss | epss 0.01

    As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have…

  • CVE-2023-24494 | Jan 25, 2023
    risk 0.00 | cvss | epss 0.01

    A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this by convincing a user to click a specially crafted URL, to execute arbitrary…

  • CVE-2023-24493 | Jan 25, 2023
    risk 0.00 | cvss | epss 0.01

    A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could leverage the reporting system to export reports containing formulas, which would then require a victim to…

  • CVE-2023-24495 | Jan 25, 2023
    risk 0.00 | cvss | epss 0.01

    A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly.

  • CVE-2023-0476 | Jan 25, 2023
    risk 0.00 | cvss | epss 0.01

    An LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could generate data in Active Directory using the application account through blind LDAP injection.

  • CVE-2022-0130 | Jan 14, 2022
    risk 0.00 | cvss | epss 0.02

    Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could allow a remote, unauthenticated attacker to execute code under special circumstances. An attacker would first have to stage a specific file type in the web server…

  • CVE-2021-20076 | Mar 3, 2021
    risk 0.00 | cvss | epss 0.02

    Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization.

  • CVE-2020-5808 | Dec 21, 2020
    risk 0.00 | cvss | epss 0.01

    In certain scenarios in Tenable.sc prior to 5.17.0, a scanner could potentially be used outside the user's defined scan zone without a particular zone being specified within the Automatic Distribution configuration.

  • CVE-2020-5737 | Apr 17, 2020
    risk 0.00 | cvss | epss 0.01

    Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated remote attacker to craft a request to execute arbitrary script code in a user's browser session. Updated input validation techniques have been implemented to correct this issue.