Home/Product/tenable securitycenter
Product

tenable securitycenter

20 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-2698
< 6.8.0
An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope.
6.5MEDIUM
 CVE-2026-2697
< 6.8.0
An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the 'own
6.3MEDIUM
 CVE-2024-5759
<= 6.3.0
An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could vie
5.4MEDIUM
 CVE-2024-1891
< 6.4.0
A stored cross site scripting vulnerability exists in Tenable Security Center where an authenticated, remote attacker could inject
3.5LOW
 CVE-2024-1471
< 6.3.0
An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Cente
5.9MEDIUM
 CVE-2024-1367
< 6.3.0
A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Cen
7.2HIGH
 CVE-2023-2005
all versions
Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tenable.Io: before Plugin Feed ID
6.3MEDIUM
 CVE-2023-1522
all versions
SQL Injection in the Hardware Inventory report of Security Center 5.11.2.
8.8HIGH
 CVE-2020-25045
< 12
Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 & prior to 12 Patch A were vulnerabl
7.8HIGH
 CVE-2019-11050
< 5.19.0
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below
4.8MEDIUM
 CVE-2019-11049
< 5.19.0
In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduc
6.5MEDIUM
 CVE-2019-11046
< 5.19.0
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Window
3.7LOW
 CVE-2019-11045
< 5.19.0
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 b
3.7LOW
 CVE-2019-11044
< 5.19.0
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \
3.7LOW
 CVE-2018-1155
< 5.7.0
In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject Java
5.4MEDIUM
 CVE-2018-1154
< 5.7.0
In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the di
8.8HIGH
 CVE-2017-11508
all versions
SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated u
8.8HIGH
 CVE-2013-5911
all versions
Cross-site scripting (XSS) vulnerability in devform.php in Tenable SecurityCenter 4.6 through 4.7 allows remote attackers to injec
 CVE-2007-2584
all versions
Buffer overflow in the IsOldAppInstalled function in the McSubMgr.McSubMgr Subscription Manager ActiveX control (MCSUBMGR.DLL) in
 CVE-2006-3961
all versions
Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wire
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin