Lucene search

K
cve[email protected]CVE-2014-4980
HistoryJul 23, 2014 - 2:55 p.m.

CVE-2014-4980

2014-07-2314:55:06
CWE-200
web.nvd.nist.gov
19
cve-2014-4980
tenable
web ui
vulnerability
remote attackers
sensitive information
token parameter
nvd
nessus

6.2 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

78.6%

The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter.

Affected configurations

NVD
Node
tenablenessusMatch5.2.3
OR
tenablenessusMatch5.2.4
OR
tenablenessusMatch5.2.5
OR
tenablenessusMatch5.2.6
OR
tenablenessusMatch5.2.7
OR
tenableweb_uiRange2.3.4

6.2 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

78.6%