Appliance
by Tenable
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-8051 | Cri | 0.68 | 9.8 | 0.16 | Apr 21, 2017 | Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands. | ||
| CVE-2017-8050 | Hig | 0.49 | 7.5 | 0.01 | Apr 21, 2017 | Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password. | ||
| CVE-2017-6543 | Hig | 0.48 | 7.3 | 0.01 | Mar 8, 2017 | Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated… | ||
| CVE-2018-1142 | Med | 0.35 | 5.4 | 0.01 | Mar 28, 2018 | Tenable Appliance versions 4.6.1 and earlier have been found to contain a single XSS vulnerability. Utilizing a specially crafted request, an authenticated attacker could potentially execute arbitrary JavaScript code by manipulating certain URL parameters related to offline… | ||
| CVE-2023-26788 | 0.00 | — | 0.00 | Apr 10, 2023 | Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address. | |||
| CVE-2012-0263 | 0.00 | — | 0.02 | Dec 31, 2013 | monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2)… |
- risk 0.68cvss 9.8epss 0.16
Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands.
- risk 0.49cvss 7.5epss 0.01
Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password.
- risk 0.48cvss 7.3epss 0.01
Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated…
- risk 0.35cvss 5.4epss 0.01
Tenable Appliance versions 4.6.1 and earlier have been found to contain a single XSS vulnerability. Utilizing a specially crafted request, an authenticated attacker could potentially execute arbitrary JavaScript code by manipulating certain URL parameters related to offline…
- CVE-2023-26788Apr 10, 2023risk 0.00cvss —epss 0.00
Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address.
- CVE-2012-0263Dec 31, 2013risk 0.00cvss —epss 0.02
monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2)…