exploitDog

CVE-2023-24495

Опубликовано: 26 янв. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly.

Ссылки

https://www.tenable.com/security/tns-2023-03
Patch
Vendor Advisory
https://www.tenable.com/security/tns-2023-03
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*

Версия до 5.23.1 (включая)

EPSS

Процентиль: 35%

0.00144

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-918

CWE-918

Связанные уязвимости

GHSA-8qp7-prcq-v2m5

CVSS3: 6.5

github

около 3 лет назад

A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly.

EPSS

Процентиль: 35%

0.00144

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-918

CWE-918