Refine your search
3 vulnerabilities found for SecurityCenter by Tenable
CVE-2018-1155 (GCVE-0-2018-1155)
Vulnerability from cvelistv5
Published
2018-08-02 19:00
Modified
2024-09-17 01:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-Site Scripting (XSS)
Summary
In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to correct this issue.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tenable | SecurityCenter |
Version: All versions prior to 5.7.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.853Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2018-11"
},
{
"name": "1041431",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041431"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SecurityCenter",
"vendor": "Tenable",
"versions": [
{
"status": "affected",
"version": "All versions prior to 5.7.0"
}
]
}
],
"datePublic": "2018-07-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to correct this issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-12T09:57:01.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2018-11"
},
{
"name": "1041431",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041431"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-07-31T00:00:00",
"ID": "CVE-2018-1155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SecurityCenter",
"version": {
"version_data": [
{
"version_value": "All versions prior to 5.7.0"
}
]
}
}
]
},
"vendor_name": "Tenable"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to correct this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/tns-2018-11",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-11"
},
{
"name": "1041431",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041431"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2018-1155",
"datePublished": "2018-08-02T19:00:00.000Z",
"dateReserved": "2017-12-05T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:32:05.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1154 (GCVE-0-2018-1154)
Vulnerability from cvelistv5
Published
2018-08-02 19:00
Modified
2024-09-16 17:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Username Enumeration
Summary
In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. Server response output has been unified to correct this issue.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tenable | SecurityCenter |
Version: All versions prior to 5.7.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2018-11"
},
{
"name": "1041431",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041431"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SecurityCenter",
"vendor": "Tenable",
"versions": [
{
"status": "affected",
"version": "All versions prior to 5.7.0"
}
]
}
],
"datePublic": "2018-07-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. Server response output has been unified to correct this issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Username Enumeration",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-12T09:57:01.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2018-11"
},
{
"name": "1041431",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041431"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-07-31T00:00:00",
"ID": "CVE-2018-1154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SecurityCenter",
"version": {
"version_data": [
{
"version_value": "All versions prior to 5.7.0"
}
]
}
}
]
},
"vendor_name": "Tenable"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. Server response output has been unified to correct this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Username Enumeration"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/tns-2018-11",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-11"
},
{
"name": "1041431",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041431"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2018-1154",
"datePublished": "2018-08-02T19:00:00.000Z",
"dateReserved": "2017-12-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:42:52.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11508 (GCVE-0-2017-11508)
Vulnerability from cvelistv5
Published
2017-11-02 17:00
Modified
2024-09-16 20:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- SQL Injection
Summary
SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a diagnostic scan within SecurityCenter. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tenable | SecurityCenter |
Version: 5.5.0, 5.5.1 and 5.5.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:12:40.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039804",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039804"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2017-13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SecurityCenter",
"vendor": "Tenable",
"versions": [
{
"status": "affected",
"version": "5.5.0, 5.5.1 and 5.5.2"
}
]
}
],
"datePublic": "2017-11-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a diagnostic scan within SecurityCenter. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-18T10:57:01.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"name": "1039804",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039804"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2017-13"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2017-11-01T00:00:00",
"ID": "CVE-2017-11508",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SecurityCenter",
"version": {
"version_data": [
{
"version_value": "5.5.0, 5.5.1 and 5.5.2"
}
]
}
}
]
},
"vendor_name": "Tenable"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a diagnostic scan within SecurityCenter. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039804",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039804"
},
{
"name": "https://www.tenable.com/security/tns-2017-13",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2017-13"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2017-11508",
"datePublished": "2017-11-02T17:00:00.000Z",
"dateReserved": "2017-07-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:06:45.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}