cvelistv5 - cve-2024-52806

CVE-2024-52806 (GCVE-0-2024-52806)

Vulnerability from cvelistv5 – Published: 2024-12-02 16:18 – Updated: 2024-12-02 19:12

Summary

SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18.

Severity ?

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

CWE

CWE-611 - Improper Restriction of XML External Entity Reference

Assigner

GitHub_M

References

URL

Tags

	https://github.com/simplesamlphp/saml2/security/a…	x_refsource_CONFIRM
	https://github.com/simplesamlphp/saml2/commit/5fd…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	simplesamlphp	saml2	Affected: < 4.6.14 Affected: >= 5.0.0-alpha.1, < 5.0.0-alpha.18

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:simplesamlphp:saml2:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "saml2",
            "vendor": "simplesamlphp",
            "versions": [
              {
                "lessThan": "4.6.14",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "5.0.0-alpha.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "5.0.0-alpha.18",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52806",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-02T19:10:45.941998Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-02T19:12:33.197Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "saml2",
          "vendor": "simplesamlphp",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.6.14"
            },
            {
              "status": "affected",
              "version": "\u003e= 5.0.0-alpha.1, \u003c 5.0.0-alpha.18"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it\u0027s possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611: Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-02T16:18:43.485Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/simplesamlphp/saml2/security/advisories/GHSA-pxm4-r5ph-q2m2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/simplesamlphp/saml2/security/advisories/GHSA-pxm4-r5ph-q2m2"
        },
        {
          "name": "https://github.com/simplesamlphp/saml2/commit/5fd4ce4596656fb0c1278f15b8305825412e89f7",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/simplesamlphp/saml2/commit/5fd4ce4596656fb0c1278f15b8305825412e89f7"
        }
      ],
      "source": {
        "advisory": "GHSA-pxm4-r5ph-q2m2",
        "discovery": "UNKNOWN"
      },
      "title": "SimpleSAMLphp SAML2 has an XXE in parsing SAML messages"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-52806",
    "datePublished": "2024-12-02T16:18:43.485Z",
    "dateReserved": "2024-11-15T17:11:13.442Z",
    "dateUpdated": "2024-12-02T19:12:33.197Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it\u0027s possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18.\"}, {\"lang\": \"es\", \"value\": \"La librer\\u00eda SAML2 SimpleSAMLphp es una librer\\u00eda PHP para funciones relacionadas con SAML2. Al cargar un documento XML (no confiable), por ejemplo, SAMLResponse, es posible inducir un XXE. Esta vulnerabilidad se solucion\\u00f3 en 4.6.14 y 5.0.0-alpha.18.\"}]",
      "id": "CVE-2024-52806",
      "lastModified": "2024-12-02T17:15:12.580",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\", \"baseScore\": 8.3, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.7}]}",
      "published": "2024-12-02T17:15:12.580",
      "references": "[{\"url\": \"https://github.com/simplesamlphp/saml2/commit/5fd4ce4596656fb0c1278f15b8305825412e89f7\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/simplesamlphp/saml2/security/advisories/GHSA-pxm4-r5ph-q2m2\", \"source\": \"security-advisories@github.com\"}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-611\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-52806\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-12-02T17:15:12.580\",\"lastModified\":\"2024-12-02T17:15:12.580\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it\u0027s possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18.\"},{\"lang\":\"es\",\"value\":\"La librer\u00eda SAML2 SimpleSAMLphp es una librer\u00eda PHP para funciones relacionadas con SAML2. Al cargar un documento XML (no confiable), por ejemplo, SAMLResponse, es posible inducir un XXE. Esta vulnerabilidad se solucion\u00f3 en 4.6.14 y 5.0.0-alpha.18.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\",\"baseScore\":8.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":3.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]}],\"references\":[{\"url\":\"https://github.com/simplesamlphp/saml2/commit/5fd4ce4596656fb0c1278f15b8305825412e89f7\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/simplesamlphp/saml2/security/advisories/GHSA-pxm4-r5ph-q2m2\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-52806\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-02T19:10:45.941998Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:simplesamlphp:saml2:*:*:*:*:*:*:*:*\"], \"vendor\": \"simplesamlphp\", \"product\": \"saml2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.6.14\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.0.0-alpha.1\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.0.0-alpha.18\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-02T19:12:22.844Z\"}}], \"cna\": {\"title\": \"SimpleSAMLphp SAML2 has an XXE in parsing SAML messages\", \"source\": {\"advisory\": \"GHSA-pxm4-r5ph-q2m2\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"simplesamlphp\", \"product\": \"saml2\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 4.6.14\"}, {\"status\": \"affected\", \"version\": \"\u003e= 5.0.0-alpha.1, \u003c 5.0.0-alpha.18\"}]}], \"references\": [{\"url\": \"https://github.com/simplesamlphp/saml2/security/advisories/GHSA-pxm4-r5ph-q2m2\", \"name\": \"https://github.com/simplesamlphp/saml2/security/advisories/GHSA-pxm4-r5ph-q2m2\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/simplesamlphp/saml2/commit/5fd4ce4596656fb0c1278f15b8305825412e89f7\", \"name\": \"https://github.com/simplesamlphp/saml2/commit/5fd4ce4596656fb0c1278f15b8305825412e89f7\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it\u0027s possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-611\", \"description\": \"CWE-611: Improper Restriction of XML External Entity Reference\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-12-02T16:18:43.485Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-52806\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-02T19:12:33.197Z\", \"dateReserved\": \"2024-11-15T17:11:13.442Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-12-02T16:18:43.485Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2024-52806

Vulnerability from fkie_nvd - Published: 2024-12-02 17:15 - Updated: 2024-12-02 17:15

Severity ?

8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/simplesamlphp/saml2/commit/5fd4ce4596656fb0c1278f15b8305825412e89f7
	security-advisories@github.com	https://github.com/simplesamlphp/saml2/security/advisories/GHSA-pxm4-r5ph-q2m2

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it\u0027s possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18."
    },
    {
      "lang": "es",
      "value": "La librer\u00eda SAML2 SimpleSAMLphp es una librer\u00eda PHP para funciones relacionadas con SAML2. Al cargar un documento XML (no confiable), por ejemplo, SAMLResponse, es posible inducir un XXE. Esta vulnerabilidad se solucion\u00f3 en 4.6.14 y 5.0.0-alpha.18."
    }
  ],
  "id": "CVE-2024-52806",
  "lastModified": "2024-12-02T17:15:12.580",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.7,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-12-02T17:15:12.580",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/simplesamlphp/saml2/commit/5fd4ce4596656fb0c1278f15b8305825412e89f7"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/simplesamlphp/saml2/security/advisories/GHSA-pxm4-r5ph-q2m2"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GHSA-PXM4-R5PH-Q2M2

Vulnerability from github – Published: 2024-12-02 17:25 – Updated: 2024-12-13 20:39

Summary

SimpleSAMLphp SAML2 has an XXE in parsing SAML messages

Details

Summary

When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE.

$options is defined as: https://github.com/simplesamlphp/saml2/blob/717c0adc4877ebd58428637e5626345e59fa0109/src/SAML2/DOMDocumentFactory.php#L41 including the DTDLoad option, which allows an attacker to read file contents from local file system OR internal network.

While there is the NONET option, an attacker can simply bypass if by using PHP filters: php://filter/convert.base64-encode/resource=http://URL OR FILE

From there an attacker can induce network connections and steal the targeted file OOB (haven't fully tested this).

RCE may be possible with the php://expect or php://phar wrappers, but this hasn't been tested.

Note: The mitigation here: https://github.com/simplesamlphp/saml2/blob/717c0adc4877ebd58428637e5626345e59fa0109/src/SAML2/DOMDocumentFactory.php#L63-L69 Comes too late, as the XML has already been loaded into a document. Mitigation:

Remove the LIBXML_DTDLOAD | LIBXML_DTDATTR options. Additionally, as a defense in depth measure, check if there is the string: <!DOCTYPE inside the XML before parsing it. (This is not a complete fix because someone may be able to exploit some parser differentials, to load a DOCTYPE, maybe through spacing like: <! DOCTYPE)

Severity ?

8.3 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

6.9 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "simplesamlphp/saml2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.6.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "simplesamlphp/saml2-legacy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.6.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-52806"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-12-02T17:25:43Z",
    "nvd_published_at": "2024-12-02T17:15:12Z",
    "severity": "MODERATE"
  },
  "details": "Summary\n\nWhen loading an (untrusted) XML document, for example the SAMLResponse, it\u0027s possible to induce an XXE.\n\n$options is defined as: https://github.com/simplesamlphp/saml2/blob/717c0adc4877ebd58428637e5626345e59fa0109/src/SAML2/DOMDocumentFactory.php#L41\nincluding the DTDLoad option, which allows an attacker to read file contents from local file system OR internal network.\n\nWhile there is the NONET option, an attacker can simply bypass if by using PHP filters:\nphp://filter/convert.base64-encode/resource=http://URL OR FILE\n\nFrom there an attacker can induce network connections and steal the targeted file OOB (haven\u0027t fully tested this).\n\nRCE may be possible with the php://expect or php://phar wrappers, but this hasn\u0027t been tested.\n\nNote:\nThe mitigation here:\nhttps://github.com/simplesamlphp/saml2/blob/717c0adc4877ebd58428637e5626345e59fa0109/src/SAML2/DOMDocumentFactory.php#L63-L69\nComes too late, as the XML has already been loaded into a document.\nMitigation:\n\nRemove the LIBXML_DTDLOAD | LIBXML_DTDATTR options.\nAdditionally, as a defense in depth measure, check if there is the string: \u003c!DOCTYPE inside the XML before parsing it. (This is not a complete fix because someone may be able to exploit some parser differentials, to load a DOCTYPE, maybe through spacing like: \u003c! DOCTYPE)",
  "id": "GHSA-pxm4-r5ph-q2m2",
  "modified": "2024-12-13T20:39:57Z",
  "published": "2024-12-02T17:25:43Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/simplesamlphp/saml2/security/advisories/GHSA-pxm4-r5ph-q2m2"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52806"
    },
    {
      "type": "WEB",
      "url": "https://github.com/simplesamlphp/saml2/commit/5fd4ce4596656fb0c1278f15b8305825412e89f7"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/simplesamlphp/saml2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L",
      "type": "CVSS_V4"
    }
  ],
  "summary": "SimpleSAMLphp SAML2 has an XXE in parsing SAML messages"
}

CERTFR-2025-AVI-0836

Vulnerability from certfr_avis - Published: 2025-10-01 - Updated: 2025-10-01

De multiples vulnérabilités ont été découvertes dans Tenable Security Center. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Tenable	Security Center	Security Center sans le correctif de sécurité Patch SC-202509.2

References

Title

Publication Time

Tags

Bulletin de sécurité Tenable tns-2025-20

2025-09-26

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Security Center sans le correctif de s\u00e9curit\u00e9 Patch SC-202509.2",
      "product": {
        "name": "Security Center",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-52806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52806"
    },
    {
      "name": "CVE-2024-24821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24821"
    },
    {
      "name": "CVE-2024-35241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35241"
    },
    {
      "name": "CVE-2024-51736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51736"
    },
    {
      "name": "CVE-2024-45411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45411"
    },
    {
      "name": "CVE-2023-46734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46734"
    },
    {
      "name": "CVE-2024-51755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51755"
    },
    {
      "name": "CVE-2024-50345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50345"
    },
    {
      "name": "CVE-2025-27773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27773"
    },
    {
      "name": "CVE-2024-35242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35242"
    },
    {
      "name": "CVE-2024-51754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51754"
    }
  ],
  "initial_release_date": "2025-10-01T00:00:00",
  "last_revision_date": "2025-10-01T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0836",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Security Center. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Tenable",
  "vendor_advisories": [
    {
      "published_at": "2025-09-26",
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2025-20",
      "url": "https://www.tenable.com/security/tns-2025-20"
    }
  ]
}

CERTFR-2025-AVI-0836

Vulnerability from certfr_avis - Published: 2025-10-01 - Updated: 2025-10-01

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Tenable	Security Center	Security Center sans le correctif de sécurité Patch SC-202509.2

References

Title

Publication Time

Tags

Bulletin de sécurité Tenable tns-2025-20

2025-09-26

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Security Center sans le correctif de s\u00e9curit\u00e9 Patch SC-202509.2",
      "product": {
        "name": "Security Center",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-52806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52806"
    },
    {
      "name": "CVE-2024-24821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24821"
    },
    {
      "name": "CVE-2024-35241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35241"
    },
    {
      "name": "CVE-2024-51736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51736"
    },
    {
      "name": "CVE-2024-45411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45411"
    },
    {
      "name": "CVE-2023-46734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46734"
    },
    {
      "name": "CVE-2024-51755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51755"
    },
    {
      "name": "CVE-2024-50345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50345"
    },
    {
      "name": "CVE-2025-27773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27773"
    },
    {
      "name": "CVE-2024-35242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35242"
    },
    {
      "name": "CVE-2024-51754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51754"
    }
  ],
  "initial_release_date": "2025-10-01T00:00:00",
  "last_revision_date": "2025-10-01T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0836",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Security Center. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Tenable",
  "vendor_advisories": [
    {
      "published_at": "2025-09-26",
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2025-20",
      "url": "https://www.tenable.com/security/tns-2025-20"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-52806 (GCVE-0-2024-52806)

FKIE_CVE-2024-52806

GHSA-PXM4-R5PH-Q2M2

CERTFR-2025-AVI-0836

Solutions

CERTFR-2025-AVI-0836

Solutions

Tags

Sightings

Nomenclature