PT-2022-12982 · Tenable · Tenable.Sc
Published 2022-01-14 · Updated 2023-08-08 · CVE-2022-0130
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Tenable.sc versions 5.14.0 through 5.19.1
Description
A remote code execution issue was discovered, allowing a remote, unauthenticated attacker to execute code under special circumstances. The attacker must first stage a specific file type in the web server root of the Tenable.sc host prior to remote exploitation.
Recommendations
For Tenable.sc versions 5.14.0 through 5.19.1, update to a version that contains a fix for this issue to prevent remote code execution. As a temporary workaround, consider restricting access to the web server root to minimize the risk of exploitation.
Fix
Related Identifiers
Affected Products
Tenable.Sc