A vulnerability: Tenable Nessus 6.x < 6.8 Multiple Vulnerabilities(High) was found.
Scanner: NESSUS
Description: According to its self-reported version number, the Tenable Nessus application running on the remote host is 6.x prior to 6.8. It is, therefore, affected by multiple vulnerabilities :
A buffer overflow condition exists in the Expat XML parser due to improper validation of user-supplied input when handling malformed input documents. An authenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2018-0718)
A stored cross-site (XSS) scripting vulnerability exists that can be exploited by an authenticated, remote attacker that has user-level access to the Nessus user interface. (CVE-2018-1000028)
Multiple stored cross-site (XSS) scripting vulnerabilities exist that can be exploited by an authenticated, remote attacker that has administrative-level access to the Nessus user interface. These issues would only affect other users with administrative access. (CVE-2018-1000029)
Recommendation: Upgrade to Tenable Nessus version 6.8 or later.
Asset Information:
Asset name: 45.55.222.164
IP: 45.55.222.164
Scan was run on: 2018-10-18 08:19:58
Nucleus Notification Rules Triggered: Ticket to all on New scan High vuln
Project Name: Test Project
Please see Nucleus for more information on these vulnerabilities
kuffers
commented
5 years ago
A vulnerability: Tenable Nessus 6.x < 6.8 Multiple Vulnerabilities(High) was found. Scanner: NESSUS Description: According to its self-reported version number, the Tenable Nessus application running on the remote host is 6.x prior to 6.8. It is, therefore, affected by multiple vulnerabilities :
A buffer overflow condition exists in the Expat XML parser due to improper validation of user-supplied input when handling malformed input documents. An authenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2018-0718)
A stored cross-site (XSS) scripting vulnerability exists that can be exploited by an authenticated, remote attacker that has user-level access to the Nessus user interface. (CVE-2018-1000028)
Multiple stored cross-site (XSS) scripting vulnerabilities exist that can be exploited by an authenticated, remote attacker that has administrative-level access to the Nessus user interface. These issues would only affect other users with administrative access. (CVE-2018-1000029) Recommendation: Upgrade to Tenable Nessus version 6.8 or later. Asset Information: Asset name: 45.55.222.164 IP: 45.55.222.164
Scan was run on: 2018-10-18 08:19:58 Nucleus Notification Rules Triggered: Ticket to all on New scan High vuln Project Name: Test Project Please see Nucleus for more information on these vulnerabilities