Tenable Nessus vulnerabilities
9 known vulnerabilities affecting tenable/tenable_nessus.
Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 7
Vulnerabilities
CVE-2022-3499 | MEDIUM | CVSS 6.5 | v10.3.1 and earlier | 2022-10-31
An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present.
cvelistv5
CVE-2020-5774 | HIGH | CVSS 7.1 | fixed in 8.11.1 | 2020-08-21
Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to log in to an existing browser session.
cvelistv5
CVE-2020-5765 | MEDIUM | CVSS 5.4 | fixed in 8.11.0 | 2020-07-15
Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerability due to improper validation of input during scan configuration. An authenticated, remote attacker could potentially exploit this vulnerability to execute arbitrary code in a user's session. Tenable has implemented additional input validation mechanisms to correct this issue in Nessus 8.11.0.
cvelistv5
CVE-2019-3982 | MEDIUM | CVSS 6.5 | All versions prior to 8.6.0 | 2019-10-23
Nessus versions 8.6.0 and earlier were found to contain a Denial of Service vulnerability due to improper validation of specific imported scan types. An authenticated, remote attacker could potentially exploit this vulnerability to cause a Nessus scanner to become temporarily unresponsive.
cvelistv5
CVE-2019-3974 | HIGH | CVSS 8.1 | All versions prior to 8.6.0 | 2019-08-15
Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition.
cvelistv5
CVE-2019-3961 | MEDIUM | CVSS 6.1 | CWE-79 | All versions prior to 8.5.0 | 2019-06-25
Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user's browser session.
cvelistv5, nvd
CVE-2019-3923 | MEDIUM | CVSS 5.4 | CWE-79 | All versions prior to 8.2.2 | 2019-02-12
Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user's browser session. Tenable has released Nessus 8.2.2 to address th
cvelistv5, nvd
CVE-2018-1148 | MEDIUM | CVSS 6.5 | CWE-384 | All versions prior to 7.1.0 | 2018-05-18
In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the application. An authenticated attacker could maintain system access due to session fixation after a user password change.
cvelistv5, nvd
CVE-2018-1147 | MEDIUM | CVSS 5.4 | CWE-79 | All versions prior to 7.1.0 | 2018-05-18
In Nessus before 7.1.0, an XSS vulnerability exists due to improper input validation. A remote authenticated attacker could create and upload a .nessus file, which may be viewed by an administrator allowing for the execution of arbitrary script code in a user's browser session. In other scenarios, XSS could also occur by altering variables from the Adva
cvelistv5, nvd