Vulnerability Details CVE-2023-0476
A LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could generate data in Active Directory using the application account through blind LDAP injection.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.7%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2023-0476
-
cpe:2.3:a:tenable:tenable.sc:-
-
cpe:2.3:a:tenable:tenable.sc:5.13.0
-
cpe:2.3:a:tenable:tenable.sc:5.14.0
-
cpe:2.3:a:tenable:tenable.sc:5.14.1
-
cpe:2.3:a:tenable:tenable.sc:5.16.0
-
cpe:2.3:a:tenable:tenable.sc:5.17.0
-
cpe:2.3:a:tenable:tenable.sc:5.18.0
-
cpe:2.3:a:tenable:tenable.sc:5.19.0
-
cpe:2.3:a:tenable:tenable.sc:5.19.1
-
cpe:2.3:a:tenable:tenable.sc:5.20.0
-
cpe:2.3:a:tenable:tenable.sc:5.20.1
-
cpe:2.3:a:tenable:tenable.sc:5.21.0
-
cpe:2.3:a:tenable:tenable.sc:5.23.1