A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly.
References
Link | Resource |
---|---|
https://www.tenable.com/security/tns-2023-03 | Patch Vendor Advisory |
https://www.tenable.com/security/tns-2023-03 | Patch Vendor Advisory |
Configurations
History
21 Nov 2024, 07:47
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-26 21:18
Updated : 2025-03-27 20:15
NVD link : CVE-2023-24495
Mitre link : CVE-2023-24495
CVE.ORG link : CVE-2023-24495
JSON object : View
Products Affected
tenable
- tenable.sc
CWE
CWE-918
Server-Side Request Forgery (SSRF)