[R2] Tenable.sc 6.0.0 Fixes Multiple Vulnerabilities
Arnie Cabral Tue, 01/24/2023 - 11:16
Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components (libcurl) was found to contain vulnerabilities, and updated versions have been made available by the providers. Additionally, four separate vulnerabilities were discovered, reported and fixed.
1. CVE-2023-24493 - A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could leverage the reporting system to export reports containing formulas, which a victim would then have to approve and execute on a host.
2. CVE-2023-24494 - A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this by convincing a user to click a specially crafted URL to execute arbitrary script code in a user’s browser session.
3. CVE-2023-24495 - A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly.
4. CVE-2023-0476 - An LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could generate data in Active Directory using the application account through blind LDAP injection.
Out of caution and in line with best practice, Tenable has opted to upgrade these components and fix the additional reported vulnerabilities to address the potential impact of the issues. Tenable.sc 6.0.0 fixes the reported vulnerabilities and updates libcurl to version 7.86.0.