Описание
A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products, that has Scan Policy Configuration roles, could manipulate audit policy variables to execute arbitrary commands on credentialed scan targets.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 10.4.2 (исключая)Версия до 202212081952 (исключая)
Одно из
cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*
cpe:2.3:a:tenable:plugin_feed:*:*:*:*:*:*:*:*
EPSS
Процентиль: 51%
0.00274
Низкий
8.8 High
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-427
Связанные уязвимости
CVSS3: 8.8
github
почти 3 года назад
A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products, that has Scan Policy Configuration roles, could manipulate audit policy variables to execute arbitrary commands on credentialed scan targets.
EPSS
Процентиль: 51%
0.00274
Низкий
8.8 High
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-427