CVE-2018-1154

Published: Aug 2, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. Server response output has been unified to correct this issue.

Affected (1)

Products: Tenable: Securitycenter

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Tenable Securitycenter	Before 5.7.0

References (4)

http://www.securitytracker.com/id/1041431

Source: vulnreport@tenable.com

Third Party AdvisoryVDB Entry

https://www.tenable.com/security/tns-2018-11

Source: vulnreport@tenable.com

PatchVendor Advisory

http://www.securitytracker.com/id/1041431

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.tenable.com/security/tns-2018-11

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.