- 314/2022
- Critical
Tenable has released security updates to fix multiple vulnerabilities in Tenable’s third-party components (moment.js, handlebars).
The severity of the addressed vulnerabilities could allow the remote attacker to gain access or cause a denial of service attack on the affected system.
Samples of the addressed vulnerabilities:
1. Moment.js Directory Traversal (CVE-2022-24785):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Moment.js Denial of Service (CVE-2022-31129):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
Affected Products:
- NNM 5.11.0.
- NNM 6.1.1.
Vulnerabilities
- CVE-2022-24785
- CVE-2022-31129
- CVE-2021-23383
- CVE-2021-23369
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.