CVE-2023-0476

Summary

A LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could generate data in Active Directory using the application account through blind LDAP injection.

Affected Software

VendorProductVersion RangeStatus
n/aTenable.scTenable.sc versions 5.23.1 and earlieraffected

Weaknesses

  • LDAP Injection

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References