LDAP Injection Vulnerability in Tenable.sc Allows Blind Injection

CVE-2023-0476 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

A LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could generate data in Active Directory using the application account through blind LDAP injection.

Learn more about our User Device Pen Test.