CVE IDs:
- CVE-2018-1154
- CVE-2018-1155

Risk Factor: Medium

Affected Products:
- SecurityCenter 5.6.2.1 and earlier

Vulnerabilities:
1. Username Enumeration:
   - Description: In versions prior to 5.7.0, an unauthenticated attacker could automate the discovery of username aliases via brute force, facilitating unauthorized access.
   - CVE: CVE-2018-1154
2. Cross-Site Scripting (XSS):
   - Description: In versions prior to 5.7.0, an authenticated attacker could inject JavaScript code into an image filename parameter within the Reports feature.
   - CVE: CVE-2018-1155

Solution:
- SecurityCenter 5.7.0 has been released to address these issues. Installation files are available from the Tenable Downloads Portal.

Risk Information:
- CVSSv2 Base / Temporal Score:
  - 3.3 / 2.3 (CVE-2018-1154)
  - 3.5 / 2.9 (CVE-2018-1155)

Advisory Timeline:
- 2018-07-31: Initial Release
- 2018-08-16: Updated CVSS scores for CVE-2018-1155

Additional References:
- php.net: ChangeLog-7.php
- php.net: ChangeLog-5.php
- blog.jquery.com: jQuery 3.3.1 fixed dependencies in release tag