CVE-2023-24495

Summary

A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly.

Affected Software

VendorProductVersion RangeStatus
n/aTenable.scTenable.sc versions 5.23.1 and earlieraffected

Weaknesses

  • Server Side Request Forgery (SSRF)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References