CVE-2016-7103: SecurityCenter 5.4.1 Fixes Two of My Stored XSS


SecurityCenter 5.4.1 Fixes Multiple Vulnerabilities

SecurityCenter has recently been discovered to have several vulnerabilities. Two were reported by external parties while the rest were discovered during internal testing. Note that the library vulnerabilities were not fully diagnosed so SecurityCenter may or may not be impacted. Tenable opted to upgrade the libraries as it was more efficient. Details of the issues (with internal IDs for your tracking pleasure):

  • 2 stored XSS that require authentication (31518, 31410) discovered and reported to Tenable by Kaustubh Padwad

Tenable would like to thank Kaustubh Padwad for privately reporting issues and giving us time to provide a fix for customers.

Please note that Tenable strongly recommends that SecurityCenter be installed on a subnet that is not Internet addressable.