Skip to main content

Security Center

8 CVEs product

Monthly

CVE-2026-2698 MEDIUM This Month

Security Center's access control implementation fails to properly restrict authenticated users to their authorized scope, allowing privilege escalation to view sensitive data. An attacker with valid credentials can bypass authorization checks to access confidential information outside their assigned permissions. No patch is currently available for this vulnerability.

Authentication Bypass Security Center
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-2697 LOW Monitor

Authenticated users of Security Center can manipulate the 'owner' parameter to gain unauthorized elevated privileges through an indirect object reference flaw. This network-accessible vulnerability requires valid credentials but no user interaction, enabling privilege escalation attacks with moderate impact on confidentiality, integrity, and availability. No patch is currently available.

Authentication Bypass Security Center
NVD
CVSS 4.0
2.1
EPSS
0.1%
CVE-2024-5759 MEDIUM This Month

An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Security Center
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-1891 MEDIUM This Month

A stored cross site scripting vulnerability exists in Tenable Security Center where an authenticated, remote attacker could inject HTML code into a web application scan result page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Security Center
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-1471 MEDIUM This Month

An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters, which could lead to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Security Center
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-1367 HIGH This Week

A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Security Center
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2023-1522 HIGH PATCH This Week

SQL Injection in the Hardware Inventory report of Security Center 5.11.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Security Center
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-25045 HIGH This Week

Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 & prior to 12 Patch A were vulnerable to a DLL hijacking attack that allowed an attacker to elevate. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Security Center Security Center Web Console
NVD
CVSS 3.1
7.8
EPSS
0.4%
EPSS 0% CVSS 6.5
MEDIUM This Month

Security Center's access control implementation fails to properly restrict authenticated users to their authorized scope, allowing privilege escalation to view sensitive data. An attacker with valid credentials can bypass authorization checks to access confidential information outside their assigned permissions. No patch is currently available for this vulnerability.

Authentication Bypass Security Center
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Authenticated users of Security Center can manipulate the 'owner' parameter to gain unauthorized elevated privileges through an indirect object reference flaw. This network-accessible vulnerability requires valid credentials but no user interaction, enabling privilege escalation attacks with moderate impact on confidentiality, integrity, and availability. No patch is currently available.

Authentication Bypass Security Center
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Security Center
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A stored cross site scripting vulnerability exists in Tenable Security Center where an authenticated, remote attacker could inject HTML code into a web application scan result page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Security Center
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters, which could lead to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Security Center
NVD
EPSS 2% CVSS 7.2
HIGH This Week

A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Security Center
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

SQL Injection in the Hardware Inventory report of Security Center 5.11.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Security Center
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 & prior to 12 Patch A were vulnerable to a DLL hijacking attack that allowed an attacker to elevate. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Security Center Security Center Web Console
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy