CVE-2018-1154: Improper Control of Interaction Frequency in SecurityCenter

3 documents, 3 sources
Severity: 8.8 HIGH (NVD)
EPSS: 0.4% (top 39.60%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 2
Latest update: May 13

Description

In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. Server response output has been unified to correct this issue.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | tenable/securitycenter | All versions prior to 5.7.0

Vulnerability Details (2)

GHSA | GHSA-6rx5-c567-35xj: In SecurityCenter versions prior to 5 | 2022-05-13
CVEList | CVE-2018-1154: In SecurityCenter versions prior to 5 | 2018-08-02
CVE-2018-1154 — Tenable Securitycenter vulnerability | cvebase