Improper Certificate Validation Vulnerability in Tenable Security Center Allows Interception of Email Messages
CVE-2024-12174

2.7LOW

Key Information:

Vendor: Tenable
Status: Security Center
Vendor: CVE Published:; 9 December 2024

What is CVE-2024-12174?

An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept email messages sent from Security Center via a rogue SMTP server.

Affected Version(s)

Security Center Linux 0

References

https://www.tenable.com/security/tns-2024-19

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2024
Vulnerability Reserved
Dec 4, 2024