CVSS3: 5.4 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
AI Score: 5.7 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 9.1%)
[R1] Security Center Version 6.4.0 Fixes Multiple Vulnerabilities
Arnie Cabral, Mon, 06/10/2024 - 01:00
Security Center leverages third-party software to help provide underlying functionality. Several of the third-party components (Apache, PHP) were found to contain vulnerabilities, and updated versions have been made available by the providers.
Out of caution and in line with best practice, Tenable has opted to upgrade these components to address the potential impact of the issues. Security Center 6.4.0 updates Apache to version 2.4.59 and PHP to version 8.2.13 to address the identified vulnerabilities.
Additionally, two separate vulnerabilities were discovered, reported and fixed:
A stored cross-site scripting vulnerability exists in Tenable Security Center where an authenticated, remote attacker could inject HTML code into a web application scan result page. (CVE-2024-1891)
An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges. (CVE-2024-5759)