5 matches found
CVE-2024-1891
The CVE-2024-1891 entry describes a stored cross-site scripting vulnerability in Tenable Security Center. An authenticated, remote attacker could inject HTML code into a web application scan result page due to inadequate input handling in the affected component/file. Relevant details show impact c...
CVE-2024-1471
CVE-2024-1471 is an HTML injection vulnerability affecting Tenable Security Center (prior to 6.3.0). An authenticated administrator could modify Repository parameters, potentially causing HTML redirection. Impact is described as Medium (per CVSS metrics: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N or I:L...
CVE-2024-1367
Summary: CVE-2024-1367 is a command-injection vulnerability in Tenable Security Center. An authenticated, remote attacker with administrator privileges could modify Logging parameters, potentially executing arbitrary code on the Security Center host. The issue is mitigated by the Security Center ...
CVE-2026-2697
CVE-2026-2697 is an IDOR vulnerability in Tenable Security Center prior to 6.8.0 where an authenticated remote attacker can escalate privileges via the owner parameter. Multiple sources (NVD, Red Hat, CVE listings, and Tenable advisory) confirm the issue and its association with Security Center. ...
CVE-2026-2698
CVE-2026-2698 is an improper access control vulnerability described across multiple sources as allowing an authenticated user to access areas outside their authorized scope. Connected documents tie the issue to Tenable Security Center (and its 6.8.0 fix) and Red Hat/NVD entries, all noting the sa...