CVE-2017-11508SQL Injection in Securitycenter

CWE-89SQL Injection3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.4%
top 37.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tenable Securitycenter
Timeline
PublishedNov 2
Latest updateMay 17

Description

SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a diagnostic scan within SecurityCenter. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5tenable/securitycenter5.5.0, 5.5.1 and 5.5.2
NVDtenable/securitycenter5.5.0, 5.5.1, 5.5.2+2

🔴Vulnerability Details

2
GHSA
GHSA-556h-vgqj-qrc3: SecurityCenter versions 52022-05-17
CVEList
CVE-2017-11508: SecurityCenter versions 52017-11-02
CVE-2017-11508 — SQL Injection in Securitycenter | cvebase