CVE-2019-3962
Last modified
CVE-2019-3962 is a vulnerability of currently unknown severity. Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulnerability by convincing another targeted Nessus user to view a malicious URL and use Nessus to send fraudulent messages. Successful exploitation could allow the authenticated adversary to inject arbitrary text into the feed status, which will remain saved post session expiration.. EPSS estimates a 0.95% chance of exploitation in the next 30 days.
Description
Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulnerability by convincing another targeted Nessus user to view a malicious URL and use Nessus to send fraudulent messages. Successful exploitation could allow the authenticated adversary to inject arbitrary text into the feed status, which will remain saved post session expiration.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Tenable | Nessus | < 8.5.0 |
References
- http://www.securityfocus.com/bid/109025Third Party Advisory
- https://www.tenable.com/security/tns-2019-04Vendor Advisory
- http://www.securityfocus.com/bid/109025Third Party Advisory
- https://www.tenable.com/security/tns-2019-04Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-3962?
How severe is CVE-2019-3962?
How do I fix CVE-2019-3962?
Are you affected by CVE-2019-3962?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST