All the vulnerabilities related to tenable - appliance
cve-2017-8050
Vulnerability from cvelistv5
Published
2017-04-21 18:00
Modified
2024-09-16 18:33
Severity ?
EPSS score ?
Summary
Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password.
References
| URL | Tags |
|---|---|
| https://vulndb.cyberriskanalytics.com/153134 | x_refsource_MISC |
| http://www.tenable.com/security/tns-2017-07 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:19:29.729Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://vulndb.cyberriskanalytics.com/153134" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.tenable.com/security/tns-2017-07" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-04-21T18:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://vulndb.cyberriskanalytics.com/153134" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.tenable.com/security/tns-2017-07" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-8050", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://vulndb.cyberriskanalytics.com/153134", "refsource": "MISC", "url": "https://vulndb.cyberriskanalytics.com/153134" }, { "name": "http://www.tenable.com/security/tns-2017-07", "refsource": "CONFIRM", "url": "http://www.tenable.com/security/tns-2017-07" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-8050", "datePublished": "2017-04-21T18:00:00Z", "dateReserved": "2017-04-21T00:00:00Z", "dateUpdated": "2024-09-16T18:33:32.404Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-6543
Vulnerability from cvelistv5
Published
2017-03-08 23:00
Modified
2024-08-05 15:33
Severity ?
EPSS score ?
Summary
Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated privileges on the system (e.g., after a reboot). This issue only affects installations on Windows.
References
| URL | Tags |
|---|---|
| http://www.tenable.com/security/tns-2017-06 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/96418 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:33:20.378Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.tenable.com/security/tns-2017-06" }, { "name": "96418", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96418" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-03-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated privileges on the system (e.g., after a reboot). This issue only affects installations on Windows." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-13T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.tenable.com/security/tns-2017-06" }, { "name": "96418", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96418" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-6543", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated privileges on the system (e.g., after a reboot). This issue only affects installations on Windows." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.tenable.com/security/tns-2017-06", "refsource": "CONFIRM", "url": "http://www.tenable.com/security/tns-2017-06" }, { "name": "96418", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96418" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-6543", "datePublished": "2017-03-08T23:00:00", "dateReserved": "2017-03-08T00:00:00", "dateUpdated": "2024-08-05T15:33:20.378Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1142
Vulnerability from cvelistv5
Published
2018-03-28 13:00
Modified
2024-09-17 03:23
Severity ?
EPSS score ?
Summary
Tenable Appliance versions 4.6.1 and earlier have been found to contain a single XSS vulnerability. Utilizing a specially crafted request, an authenticated attacker could potentially execute arbitrary JavaScript code by manipulating certain URL parameters related to offline plugins.
References
| URL | Tags |
|---|---|
| https://www.tenable.com/security/tns-2018-02 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Tenable | Tenable Appliance | Tenable Appliance versions |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:51:48.845Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.tenable.com/security/tns-2018-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Tenable Appliance", "vendor": "Tenable", "versions": [ { "status": "affected", "version": "Tenable Appliance versions" } ] } ], "datePublic": "2018-03-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Tenable Appliance versions 4.6.1 and earlier have been found to contain a single XSS vulnerability. Utilizing a specially crafted request, an authenticated attacker could potentially execute arbitrary JavaScript code by manipulating certain URL parameters related to offline plugins." } ], "problemTypes": [ { "descriptions": [ { "description": "Cross Site Scripting (XSS)", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-03-28T12:57:01", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.tenable.com/security/tns-2018-02" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "DATE_PUBLIC": "2018-03-27T00:00:00", "ID": "CVE-2018-1142", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Tenable Appliance", "version": { "version_data": [ { "version_value": "Tenable Appliance versions" } ] } } ] }, "vendor_name": "Tenable" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Tenable Appliance versions 4.6.1 and earlier have been found to contain a single XSS vulnerability. 
Utilizing a specially crafted request, an authenticated attacker could potentially execute arbitrary JavaScript code by manipulating certain URL parameters related to offline plugins." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross Site Scripting (XSS)" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/tns-2018-02", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2018-02" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2018-1142", "datePublished": "2018-03-28T13:00:00Z", "dateReserved": "2017-12-05T00:00:00", "dateUpdated": "2024-09-17T03:23:47.452Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-8051
Vulnerability from cvelistv5
Published
2017-04-21 18:00
Modified
2024-09-16 22:56
Severity ?
EPSS score ?
Summary
Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands.
References
| URL | Tags |
|---|---|
| https://vulndb.cyberriskanalytics.com/153135 | x_refsource_MISC |
| http://www.tenable.com/security/tns-2017-07 | x_refsource_CONFIRM |
| https://www.exploit-db.com/exploits/41892/ | exploit, x_refsource_EXPLOIT-DB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:19:29.763Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://vulndb.cyberriskanalytics.com/153135" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.tenable.com/security/tns-2017-07" }, { "name": "41892", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/41892/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-04-21T18:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://vulndb.cyberriskanalytics.com/153135" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.tenable.com/security/tns-2017-07" }, { "name": "41892", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/41892/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-8051", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": 
"Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://vulndb.cyberriskanalytics.com/153135", "refsource": "MISC", "url": "https://vulndb.cyberriskanalytics.com/153135" }, { "name": "http://www.tenable.com/security/tns-2017-07", "refsource": "CONFIRM", "url": "http://www.tenable.com/security/tns-2017-07" }, { "name": "41892", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/41892/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-8051", "datePublished": "2017-04-21T18:00:00Z", "dateReserved": "2017-04-21T00:00:00Z", "dateUpdated": "2024-09-16T22:56:34.454Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd (CVE-2017-8051)
Published
2017-04-21 18:59
Modified
2024-11-21 03:33
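Severity: 9.8 CRITICAL (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); CVSS 2.0: 10.0 HIGH (AV:N/AC:L/Au:N/C:C/I:C/A:C). Source: nvd@nist.gov, Primary. Weakness: CWE-78.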
Summary
Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | http://www.tenable.com/security/tns-2017-07 | Patch, Vendor Advisory |
| cve@mitre.org | https://vulndb.cyberriskanalytics.com/153135 | Permissions Required |
| cve@mitre.org | https://www.exploit-db.com/exploits/41892/ | Exploit, Third Party Advisory, VDB Entry |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.tenable.com/security/tns-2017-07 | Patch, Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://vulndb.cyberriskanalytics.com/153135 | Permissions Required |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/41892/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tenable:appliance:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "088E231D-5992-4ADD-BA36-1ED9F9A474B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:tenable:appliance:3.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD287989-729F-4620-AF79-30ADB6A092A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:tenable:appliance:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "577B30FC-4CB0-48B7-BC02-D63E896BFF67", "vulnerable": true }, { "criteria": "cpe:2.3:a:tenable:appliance:3.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "DE9FADBB-32BD-4554-825E-77187F966FF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:tenable:appliance:3.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF337FD4-177B-4C13-A94A-89E745792CD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:tenable:appliance:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "93F821B1-C5A7-4AA3-8E9D-384C23848B1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:tenable:appliance:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D38918B9-AFB5-45AB-A00B-4074771AF649", "vulnerable": true }, { "criteria": "cpe:2.3:a:tenable:appliance:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "AA0B18A3-FBAD-4343-9253-479214175FB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:tenable:appliance:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "807211FA-BE46-433F-8D6F-66CFA2868890", "vulnerable": true }, { "criteria": "cpe:2.3:a:tenable:appliance:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "1140F38C-83AF-4571-8C0F-4BB493A0028E", "vulnerable": true }, { "criteria": "cpe:2.3:a:tenable:appliance:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "32DE9C00-60A6-4D42-8C3A-DED6E9D4EDF2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. 
Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands." }, { "lang": "es", "value": "Tenable Appliance 3.5 - 4.4.0, y, posiblemente, versiones anteriores, contiene un fallo en la secuencia de comandos simpleupload.py en la Web UI. Mediante la manipulaci\u00f3n del par\u00e1metro tns_appliance_session_user, un atacante remoto puede inyectar comandos arbitrarios." } ], "id": "CVE-2017-8051", "lastModified": "2024-11-21T03:33:13.323", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-04-21T18:59:00.317", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.tenable.com/security/tns-2017-07" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required" ], "url": "https://vulndb.cyberriskanalytics.com/153135" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": 
"https://www.exploit-db.com/exploits/41892/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.tenable.com/security/tns-2017-07" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://vulndb.cyberriskanalytics.com/153135" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/41892/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2017-8050)
Published
2017-04-21 18:59
Modified
2024-11-21 03:33
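Severity: 7.5 HIGH (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N); CVSS 2.0: 5.0 MEDIUM (AV:N/AC:L/Au:N/C:N/I:P/A:N). Source: nvd@nist.gov, Primary. Weakness: NVD-CWE-noinfo.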
Summary
Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | http://www.tenable.com/security/tns-2017-07 | Patch, Vendor Advisory |
| cve@mitre.org | https://vulndb.cyberriskanalytics.com/153134 | Permissions Required |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.tenable.com/security/tns-2017-07 | Patch, Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://vulndb.cyberriskanalytics.com/153134 | Permissions Required |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tenable:appliance:*:*:*:*:*:*:*:*", "matchCriteriaId": "40B4557E-A172-46A3-833A-89CC72205122", "versionEndIncluding": "4.4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password." }, { "lang": "es", "value": "Tenable Appliance 4.4.0, , y, posiblemente, versiones anteriores, contiene un fallo en la Web UI que permite la manipulaci\u00f3n no autorizada de la contrase\u00f1a del admin." } ], "id": "CVE-2017-8050", "lastModified": "2024-11-21T03:33:13.163", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-04-21T18:59:00.177", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.tenable.com/security/tns-2017-07" }, { 
"source": "cve@mitre.org", "tags": [ "Permissions Required" ], "url": "https://vulndb.cyberriskanalytics.com/153134" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.tenable.com/security/tns-2017-07" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://vulndb.cyberriskanalytics.com/153134" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2018-1142)
Published
2018-03-28 13:29
Modified
2024-11-21 03:59
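Severity: 5.4 MEDIUM (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N); CVSS 2.0: 3.5 LOW (AV:N/AC:M/Au:S/C:N/I:P/A:N). Source: nvd@nist.gov, Primary. Weakness: CWE-79.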
Summary
Tenable Appliance versions 4.6.1 and earlier have been found to contain a single XSS vulnerability. Utilizing a specially crafted request, an authenticated attacker could potentially execute arbitrary JavaScript code by manipulating certain URL parameters related to offline plugins.
References
| Source | URL | Tags |
|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/tns-2018-02 | Patch, Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/tns-2018-02 | Patch, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tenable:appliance:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1C63836-402A-4692-B28F-471BAB949A35", "versionEndIncluding": "4.6.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tenable Appliance versions 4.6.1 and earlier have been found to contain a single XSS vulnerability. Utilizing a specially crafted request, an authenticated attacker could potentially execute arbitrary JavaScript code by manipulating certain URL parameters related to offline plugins." }, { "lang": "es", "value": "Se ha descubierto que Tenable Appliance en versiones 4.6.1 y anteriores contiene una \u00fanica vulnerabilidad de Cross-Site Scripting (XSS). Empleando una petici\u00f3n especialmente manipulada, un atacante autenticado podr\u00eda ejecutar c\u00f3digo JavaScript arbitrario manipulando determinados par\u00e1metros URL relacionados con plugins sin conexi\u00f3n." 
} ], "id": "CVE-2018-1142", "lastModified": "2024-11-21T03:59:16.553", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-03-28T13:29:00.277", "references": [ { "source": "vulnreport@tenable.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.tenable.com/security/tns-2018-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.tenable.com/security/tns-2018-02" } ], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2017-6543)
Published
2017-03-08 23:59
Modified
2024-11-21 03:29
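Severity: 7.3 HIGH (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H); CVSS 2.0: 6.0 MEDIUM (AV:N/AC:M/Au:S/C:P/I:P/A:P). Source: nvd@nist.gov, Primary. Weakness: NVD-CWE-noinfo. Note that the v3 vector is scored as local (AV:L) while the summary and the v2 vector describe a remote, authenticated attacker; weigh both when triaging.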
Summary
Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated privileges on the system (e.g., after a reboot). This issue only affects installations on Windows.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E181A92-DCD5-42B1-BA16-9744873AABD0", "versionEndIncluding": "6.10.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tenable:appliance:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "32DE9C00-60A6-4D42-8C3A-DED6E9D4EDF2", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated privileges on the system (e.g., after a reboot). This issue only affects installations on Windows." }, { "lang": "es", "value": "Tenable Nessus en versiones anteriores a 6.10.2 (tal como se utiliza s\u00f3lo o en Tenable Appliance en versiones anteriores a 4.5.0) se encontr\u00f3 que conten\u00eda un fallo que permit\u00eda a un atacante remoto autenticado cargar un archivo manipulado que pod\u00eda ser escrito en cualquier parte del sistema. Esto podr\u00eda ser utilizado para obtener posteriormente privilegios elevados en el sistema (por ejemplo, despu\u00e9s de un reinicio). Este problema solo afecta a instalaciones de Windows." 
} ], "id": "CVE-2017-6543", "lastModified": "2024-11-21T03:29:59.620", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-03-08T23:59:00.170", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/96418" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.tenable.com/security/tns-2017-06" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/96418" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.tenable.com/security/tns-2017-06" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }