Vulnerability Details CVE-2023-0476
A LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could generate data in Active Directory using the application account through blind LDAP injection.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 67.5%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2023-0476
-
cpe:2.3:a:tenable:tenable.sc:-
-
cpe:2.3:a:tenable:tenable.sc:5.13.0
-
cpe:2.3:a:tenable:tenable.sc:5.14.0
-
cpe:2.3:a:tenable:tenable.sc:5.14.1
-
cpe:2.3:a:tenable:tenable.sc:5.16.0
-
cpe:2.3:a:tenable:tenable.sc:5.17.0
-
cpe:2.3:a:tenable:tenable.sc:5.18.0
-
cpe:2.3:a:tenable:tenable.sc:5.19.0
-
cpe:2.3:a:tenable:tenable.sc:5.19.1
-
cpe:2.3:a:tenable:tenable.sc:5.20.0
-
cpe:2.3:a:tenable:tenable.sc:5.20.1
-
cpe:2.3:a:tenable:tenable.sc:5.21.0
-
cpe:2.3:a:tenable:tenable.sc:5.23.1