Tenable.sc 5.21.0

CPE Details

2022-04-21 11h08 +00:00
2022-04-22 16h04 +00:00

CPE Name: cpe:2.3:a:tenable:tenable.sc:5.21.0:*:*:*:*:*:*:*

Information

Vendor: tenable
Product: tenable.sc
Version: 5.21.0

Related CVE


| CVE ID | Published | Description | Score | Severity |
| --- | --- | --- | --- | --- |
| CVE-2023-0476 | 2023-01-25 00h00 +00:00 | A LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could generate data in Active Directory using the application account through blind LDAP injection. | 6.5 | Medium |
| CVE-2023-24493 | 2023-01-25 00h00 +00:00 | A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could leverage the reporting system to export reports containing formulas, which would then require a victim to approve and execute on a host. | 5.7 | Medium |
| CVE-2023-24494 | 2023-01-25 00h00 +00:00 | A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session. | 5.4 | Medium |
| CVE-2023-24495 | 2023-01-25 00h00 +00:00 | A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly. | 6.5 | Medium |
| CVE-2021-44224 | 2021-12-20 10h20 +00:00 | A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). | 8.2 | High |