Tenable.sc

This hub aggregates every CVE we track for Tenable.sc. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Tenable.sc.

• CVE-2023-0524As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment...8.8Feb 1, 2023
• CVE-2023-24495A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interac...6.5Jan 25, 2023
• CVE-2023-24493A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could leverage the reporting system ...5.7Jan 25, 2023
• CVE-2023-24494A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit ...5.4Jan 25, 2023
• CVE-2023-0476A LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could generate data in Active Directory...6.5Jan 25, 2023
• CVE-2022-24828Missing input validation can lead to command execution in composer8.3Apr 13, 2022
• CVE-2022-24785Path Traversal in Moment.js7.5Apr 4, 2022
• CVE-2022-0130Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could allow a remote, unauthenticated attacker to execute code under special circumstance...8.1Jan 14, 2022
• CVE-2021-44224Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier8.2Dec 20, 2021
• CVE-2021-44790Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier9.8Dec 20, 2021
• CVE-2021-21707Special characters break path parsing in XML functions5.3Nov 29, 2021
• CVE-2021-41184XSS in the `of` option of the `.position()` util6.5Oct 26, 2021
• CVE-2021-41183XSS in `*Text` options of the Datepicker widget6.5Oct 26, 2021
• CVE-2021-41182XSS in the `altField` option of the Datepicker widget6.5Oct 26, 2021
• CVE-2021-41116Command injection in composer on Windows8.2Oct 5, 2021