Описание
Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands.
Ссылки
- PatchVendor Advisory
- Permissions Required
- ExploitThird Party AdvisoryVDB Entry
- PatchVendor Advisory
- Permissions Required
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:tenable:appliance:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:appliance:3.5.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:appliance:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:appliance:3.10.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:appliance:3.10.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:appliance:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:appliance:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:appliance:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:appliance:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:appliance:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:appliance:4.4.0:*:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.53063
Средний
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands.
CVSS3: 9.8
fstec
почти 9 лет назад
Уязвимость сценария simpleupload.py веб-интерфейса платформы Tenable Appliance, позволяющая нарушителю выполнить произвольные команды
EPSS
Процентиль: 98%
0.53063
Средний
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-78