Sensitive Information Disclosure via token parameter in Tenable Web UI

Sensitive Information Disclosure via token parameter in Tenable Web UI

CVE-2014-4980 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter.

Learn more about our Web App Pen Testing.