[R1] Security Center Version 6.4.0 Fixes Multiple Vulnerabilities

[R1] Security Center Version 6.4.0 Fixes Multiple Vulnerabilities Arnie Cabral Mon, 06/10/2024 - 01:00

Security Center leverages third-party software to help provide underlying functionality. Several of the third-party components (Apache, PHP) were found to contain vulnerabilities, and updated versions have been made available by the providers.

Out of caution and in line with best practice, Tenable has opted to upgrade these components to address the potential impact of the issues. Security Center 6.4.0 updates Apache to version 2.4.59 and PHP to version 8.2.13 to address the identified vulnerabilities.

Additionally, two separate vulnerabilities were discovered, reported and fixed:

A stored cross site scripting vulnerability exists in Tenable Security Center where an authenticated, remote attacker could inject HTML code into a web application scan result page. - CVE-2024-1891

An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges. - CVE-2024-5759