Known Vulnerabilities for products from Tenable
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Tenable".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-24495 | A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessib... | 6.5 - MEDIUM | 2023-01-26 | 2023-02-06 |
| CVE-2023-24494 | A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input befo... | 5.4 - MEDIUM | 2023-01-26 | 2023-02-02 |
| CVE-2023-24493 | A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it ... | 5.7 - MEDIUM | 2023-01-26 | 2023-02-02 |
| CVE-2023-5847 | Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to es... | 7.3 - HIGH | 2023-11-01 | 2023-11-14 |
| CVE-2023-5624 | Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. This could allow an adm... | 7.2 - HIGH | 2023-10-26 | 2023-11-06 |
| CVE-2023-5623 | NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code... | 7.8 - HIGH | 2023-10-26 | 2023-11-07 |
| CVE-2023-5622 | Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\SY... | 8.8 - HIGH | 2023-10-26 | 2023-11-07 |
| CVE-2023-3253 | An improper authorization vulnerability exists where an authenticated, low privileged remote attacker could view a list of a... | 4.3 - MEDIUM | 2023-08-29 | 2023-09-01 |
| CVE-2023-3252 | An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alt... | 6.5 - MEDIUM | 2023-08-29 | 2023-09-01 |
| CVE-2023-3251 | A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored ... | 4.9 - MEDIUM | 2023-08-29 | 2023-09-01 |
| CVE-2023-2005 | Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tenable.Io: before Plugin Fee... | 8.8 - HIGH | 2023-06-26 | 2023-07-05 |
| CVE-2023-0524 | As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could a... | 8.8 - HIGH | 2023-02-01 | 2023-02-07 |
| CVE-2023-0476 | A LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to ... | 6.5 - MEDIUM | 2023-01-26 | 2023-02-06 |
| CVE-2023-0101 | A privilege escalation vulnerability was identified in Nessus versions 8.10.1 through 8.15.8 and 10.0.0 through 10.4.1. An au... | 8.8 - HIGH | 2023-01-20 | 2023-01-28 |
| CVE-2022-33757 | An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges ... | 6.5 - MEDIUM | 2022-10-25 | 2023-08-08 |
| CVE-2022-32974 | An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom craft... | 6.5 - MEDIUM | 2022-06-21 | 2022-06-28 |
| CVE-2022-32973 | An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with admini... | 8.8 - HIGH | 2022-06-21 | 2022-06-28 |
| CVE-2022-28291 | Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentia... | 6.5 - MEDIUM | 2022-10-17 | 2022-10-19 |
| CVE-2022-24828 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-04-13 | 2023-11-07 |
| CVE-2022-24785 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-04-04 | 2023-11-07 |
Known software with vulnerabilities from Tenable
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Tenable | Appliance | 2.0.0 |
| Application | Tenable | Log Correlation Engine | 4.8.0 |
| Application | Tenable | Nessus | 4.4.1.15078 |
| Application | Tenable | Nessus Agent | 6.10.2 |
| Application | Tenable | Nessus Network Monitor | 5.11.0 |
| Application | Tenable | Plugin-set | 201402092115 |
| Application | Tenable | Securitycenter | 4.6 |
| Application | Tenable | Tenable.sc | 5.14.0 |
| Application | Tenable | Web Ui | 2.3.3 |