Security Center
Approved changes feed: RSS · Atom
cpe:2.3:a:tenable:security_center:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Tenable (c0ec4e71-d667-5327-b3ed-b4c21aa5a87e) |
|---|---|
| Product | Security Center (2fb9ac55-a9b7-5234-b4b8-b5b9436edf94) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-2698 |
vulnerable | 2026-06-03 15:19:24.796980 |
Improper Access Control
MEDIUM (6.5)
An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope.
Published: 2026-02-23T16:28:07.711Z
Updated: 2026-02-23T18:17:26.382Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-2697 |
vulnerable | 2026-06-03 15:19:24.796394 |
Indirect Object Reference (IDOR) in Security Center
MEDIUM (6.3)
An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter.
Published: 2026-02-23T15:17:13.031Z
Updated: 2026-02-26T14:44:10.953Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-2630 |
vulnerable | 2026-06-03 15:19:24.659747 |
[R1] Stand-alone Security Patches Available for Tenable Security Center versions 6.5.1, 6.6.0 and 6.7.2: SC-202602.1 + SC-202602.2
HIGH (8.8)
A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted.
Published: 2026-02-17T18:19:38.416Z
Updated: 2026-02-26T14:44:19.708Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-36636 |
vulnerable | 2026-06-03 15:00:53.918467 |
Improper Access Control
MEDIUM (4.3)
In Tenable Security Center versions prior to 6.7.0, an improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope.
Published: 2025-10-08T15:19:33.680Z
Updated: 2025-10-09T13:41:18.168Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-5759 |
vulnerable | 2026-06-03 14:57:54.095727 |
Improper privilege management
MEDIUM (5.4)
An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges
Published: 2024-06-12T16:00:26.228Z
Updated: 2024-08-01T21:18:07.054Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1891 |
vulnerable | 2026-06-03 14:54:34.893520 |
Stored Cross Site Scripting
LOW (3.5)
A stored cross site scripting vulnerability exists in Tenable Security Center where an authenticated, remote attacker could inject HTML code into a web application scan result page.
Published: 2024-06-12T15:56:41.242Z
Updated: 2024-08-01T18:56:22.481Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1471 |
vulnerable | 2026-06-03 14:54:26.981633 |
HTML Injection Vulnerability
MEDIUM (5.9)
An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters, which could lead to HTML redirection attacks.
Published: 2024-02-14T21:39:59.570Z
Updated: 2024-08-01T18:40:21.183Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1367 |
vulnerable | 2026-06-03 14:54:26.785805 |
Command Injection Vulnerability in Tenable Security Center
HIGH (7.2)
A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the Security Center host.
Published: 2024-02-14T21:35:16.767Z
Updated: 2025-05-02T16:26:07.235Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-12174 |
vulnerable | 2026-06-03 14:54:15.777930 |
Details available
LOW (2.7)
An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept email messages sent from Security Center via a rogue SMTP server.
Published: 2024-12-09T21:38:47.542Z
Updated: 2024-12-10T17:14:03.468Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-2005 |
vulnerable | 2026-06-03 14:51:41.929389 |
Tenable Plugin Feed ID #202306261202 Fixes Privilege Escalation Vulnerability
MEDIUM (6.3)
Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin Feed ID #202306261202 .
This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.
Published: 2023-06-26T17:39:56.554Z
Updated: 2024-12-03T18:44:10.535Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.