CVE-2021-20076
First published: Wed Mar 03 2021(Updated: )
Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tenable Tenable.sc | >=5.13.0<=5.17.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Tenable.sc vulnerability?
The vulnerability ID is CVE-2021-20076.
What is the severity rating of CVE-2021-20076?
CVE-2021-20076 has a severity rating of 8.8 (high).
Which versions of Tenable.sc are affected by CVE-2021-20076?
Tenable.sc versions 5.13.0 through 5.17.0 are affected by CVE-2021-20076.
How can an attacker exploit the vulnerability in CVE-2021-20076?
An authenticated, unprivileged user can perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization.
Is there a fix available for CVE-2021-20076?
Yes, Tenable.sc and Tenable.sc Core versions 5.18.0 and later include a fix for CVE-2021-20076. It is recommended to upgrade to the latest version.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/tenable
- canonical/tenable tenable.sc
- version/tenable tenable.sc/5.13.0
- version/tenable tenable.sc/5.17.0