Parameter Tampering Vulnerability in Nessus Web UI by Tenable
CVE-2014-4980

Currently unrated

Key Information:

Vendor: Tenable
Status: Nessus; Web Ui
Vendor: CVE Published:; 23 July 2014

What is CVE-2014-4980?

The Tenable Web UI, prior to version 2.3.5, contains a vulnerability in the /server/properties resource that permits remote attackers to exploit the token parameter, potentially gaining access to sensitive information. This flaw affects users of Nessus versions 5.2.3 through 5.2.7, making it crucial for organizations to assess their security measures and ensure they apply the necessary updates to safeguard against unauthorized data exposure.

References

http://www.tenable.com/security/tns-2014-05

x_refsource_CONFIRM

http://www.securityfocus.com/archive/1/532839/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.halock.com/blog/cve-2014-4980-parameter-tamper...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 23, 2014
Vulnerability Reserved
Jul 16, 2014