CVE-2017-8051
Severity CVSS v4.0:
Pending analysis
Type:
CWE-78
OS Command Injections
Publication date:
21/04/2017
Last modified:
20/04/2025
Description
Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:tenable:appliance:3.4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:tenable:appliance:3.5.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:tenable:appliance:3.5.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:tenable:appliance:3.10.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:tenable:appliance:3.10.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:tenable:appliance:4.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:tenable:appliance:4.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:tenable:appliance:4.2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:tenable:appliance:4.3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:tenable:appliance:4.3.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:tenable:appliance:4.4.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page