CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-4980

The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 63.9%

CVSS Severity

CVSS v2 Score 5.0

References

http://packetstormsecurity.com/files/127532/Tenable-Nessus-5.2.7-Parameter-Tampering-Authentication-Bypass.html
http://www.halock.com/blog/cve-2014-4980-parameter-tampering-nessus-web-ui/
http://www.osvdb.org/109376
http://www.securityfocus.com/archive/1/532839/100/0/threaded
http://www.securityfocus.com/bid/68782
http://www.securitytracker.com/id/1030614
http://www.tenable.com/security/tns-2014-05
http://packetstormsecurity.com/files/127532/Tenable-Nessus-5.2.7-Parameter-Tampering-Authentication-Bypass.html
http://www.halock.com/blog/cve-2014-4980-parameter-tampering-nessus-web-ui/
http://www.osvdb.org/109376
http://www.securityfocus.com/archive/1/532839/100/0/threaded
http://www.securityfocus.com/bid/68782
http://www.securitytracker.com/id/1030614
http://www.tenable.com/security/tns-2014-05

Products affected by CVE-2014-4980

Tenable » Nessus » Version: 5.2.3

cpe:2.3:a:tenable:nessus:5.2.3
Tenable » Nessus » Version: 5.2.4

cpe:2.3:a:tenable:nessus:5.2.4
Tenable » Nessus » Version: 5.2.5

cpe:2.3:a:tenable:nessus:5.2.5
Tenable » Nessus » Version: 5.2.6

cpe:2.3:a:tenable:nessus:5.2.6
Tenable » Nessus » Version: 5.2.7

cpe:2.3:a:tenable:nessus:5.2.7
Tenable » Web Ui » Version: 2.3.3

cpe:2.3:a:tenable:web_ui:2.3.3
Tenable » Web Ui » Version: 2.3.4

cpe:2.3:a:tenable:web_ui:2.3.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-4980

Products

Pricing

Contact Us