96 matches found
Tenable SecurityCenter < 5.19.0 Multiple XSS Vulnerabilities (TNS-2021-14)
According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is less than 5.19.0 and is therefore affected by multiple vulnerabilities in the following components: - Bootstrap - SimpleSAML Note that successful exploitation of the most serious issues...
Tenable SecurityCenter 5.13.x < 5.18.0 DoS (TNS-2021-06)
According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is version 5.13.x 5.18.0 and affected by the following OpenSSL denial of service vulnerability: - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello...
Tenable SecurityCenter 5.9.x to 5.12.x SimpleSAMLPHP Privilege Escalation (TNS-2020-01)
According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is 5.9.x, 5.10.x, 5.11.x or 5.12.x. It is, therefore, affected by a privilege escalation vulnerability due to incorrect validation of cryptographic signatures in XML messages in the...
Tenable SecurityCenter 5.16.x / 5.17.0 Multiple Vulnerabilities (TNS-2021-03)
According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is in the 5.16.0 - 5.17.0 version range. It is, therefore, affected by multiple vulnerabilities in a third-party component OpenSSL. Updated versions have been made available by the provider...
Tenable SecurityCenter 5.13.0 - 5.17.0 Remote Code Execution (TNS-2021-03)
According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is in the 5.13.0 through 5.17.0 version range. Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated,...
Tenable SecurityCenter < 5.14.0 Multiple Vulnerabilities (TNS-2020-02)
According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is earlier than 5.14.0. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues nor the stand-alone patch but has instead relied only on the...
Tenable SecurityCenter < 5.17.0 Multiple Vulnerabilities (TNS-2020-11)
According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is earlier than 5.17.0. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues nor the stand-alone patch but has instead relied only on the...
Tenable SecurityCenter < 5.8.0 Multiple Vulnerabilities (TNS-2018-15)
According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is 5.7.1 or earlier. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues nor the stand-alone patch but has instead relied only on the...
[R2] SecurityCenter 5.8.0 Fixes Multiple Third-Party Vulnerabilities
SecurityCenter leverages third-party software to help provide underlying functionality. Two separate third-party components Apache Xalan and Serializer were found to contain vulnerabilities, and updated versions have been made available by the providers...
[R2] SecurityCenter 5.8.0 Fixes Multiple Third-Party Vulnerabilities
SecurityCenter leverages third-party software to help provide underlying functionality. Two separate third-party components Apache Xalan and Serializer were found to contain vulnerabilities, and updated versions have been made available by the providers...
Tenable SecurityCenter < 5.7.1 Multiple Vulnerabilities (TNS-2018-12)
According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is prior to 5.7.1. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported...
[R1] SecurityCenter 5.7.1 Fixes Multiple Third-Party Vulnerabilities
SecurityCenter leverages third-party software to help provide underlying functionality. Two separate third-party components PHP and OpenSSL were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable...
[R1] SecurityCenter 5.7.1 Fixes Multiple Third-Party Vulnerabilities
SecurityCenter leverages third-party software to help provide underlying functionality. Two separate third-party components PHP and OpenSSL were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable...
Tenable SecurityCenter < 5.7.0 Multiple Vulnerabilites (TNS-2018-11)
According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is affected by multiple vulnerabilities: - In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of...
CVE-2018-1155
In SecurityCenter versions prior to 5.7.0, a cross-site scripting XSS issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to correct this issue...
Cross site scripting
In SecurityCenter versions prior to 5.7.0, a cross-site scripting XSS issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to correct this issue...
Code injection
In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. Server response output has been unified to correct this issue...
CVE-2018-1154
In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. Server response output has been unified to correct this issue...
CVE-2018-1155
In SecurityCenter versions prior to 5.7.0, a cross-site scripting XSS issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to correct this issue...
CVE-2018-1154
The CVE-2018-1154 issue affects SecurityCenter prior to version 5.7.0, where an unauthenticated attacker could enumerate username aliases by brute-forcing responses, potentially leading to unauthorized access. The issue’s root cause is a username enumeration mechanism; mitigation configured in th...