CVE-2014-4980Sensitive Information Exposure in WEB UI

CWE-200Sensitive Information ExposureCWE-416Use After Free4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
0.5%
top 35.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tenable WEB UITenable Nessus
Timeline
PublishedJul 23
Latest updateDec 27

Description

The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDtenable/nessus5 versions+4
NVDtenable/web_ui2.3.4

🔴Vulnerability Details

2
GHSA
GHSA-p784-84p4-47fp: The /server/properties resource in Tenable Web UI before 22022-05-14
CVEList
CVE-2014-4980: The /server/properties resource in Tenable Web UI before 22014-07-23

📋Vendor Advisories

1
Red Hat
kernel: Bluetooth: fix use-after-free in device_for_each_child()2024-12-27
CVE-2014-4980 — Sensitive Information Exposure | cvebase