cbcvebase.
CVE-2024-1471
published 2024-02-14

CVE-2024-1471: An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify…

PriorityP420medium4.8CVSS 3.1
AVNACLPRHUIRSCCLILAN
EPSS
0.41%
32.4th percentile
An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters, which could lead to HTML redirection attacks.

Affected

1 ranges
VendorProductVersion rangeFixed in
tenablesecurity_center< 6.3.06.3.0

CVSS provenance

nvdv3.14.8MEDIUMCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
vendor_oracle9.8HIGH
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.