Sarun Pornjarungsak

**Nome do software vulnerável e versões afetadas** Tenable Identity Exposure (versões afetadas não especificadas) **Descrição** Existe uma vulnerabilidade de injeção de fórmula que permite que um invasor remoto autenticado com privilégios administrativos manipule campos de formulários da aplicação. Isso poderia induzir outro administrador a executar cargas de ataque CSV. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** An arbitrary file write issue exists, allowing an authenticated, remote attacker with administrator privileges to alter logging variables. This could result in overwriting arbitrary files on the remote host with log data, potentially leading to a denial of service condition. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nessus versions 8.10.1 through 8.15.8 Nessus versions 10.0.0 through 10.4.1 **Description** The issue is related to insufficient input validation, which can be exploited by a remote attacker to elevate privileges to root or NT AUTHORITY/SYSTEM on the Nessus host. This can be achieved by executing a specially crafted file. **Recommendations** For Nessus versions 8.10.1 through 8.15.8, update to a version outside of this range to resolve the issue. For Nessus versions 10.0.0 through 10.4.1, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the Nessus host to minimize the risk of exploitation.