Formula Injection Vulnerability
CVE-2024-3232

7.6 HIGH

Key Information:

Vendor: Tenable
CVE Published: 16 July 2024

What is CVE-2024-3232?

A formula injection vulnerability exists in Tenable Identity Exposure that allows an authenticated remote attacker with administrative privileges to craft malicious payloads in application form fields. By exploiting it, the attacker can trick other administrators into executing potentially harmful CSV payloads, which can lead to unauthorized data exposure or other malicious activity.
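The export-side mitigation commonly applied to this class of bug, as an added example (not Tenable's code or fix): strings that a spreadsheet would evaluate as a formula are forced to plain text before they are written to CSV. The function names and sample rows are constructed for illustration.

```python
import csv
import io

# Leading characters that spreadsheet applications interpret as the start of a formula
FORMULA_PREFIXES = ("=", "+", "-", "@")
# Leading control characters that OWASP's CSV injection guidance also lists
CONTROL_PREFIXES = ("\t", "\r")


def neutralize_cell(value):
    """Make a user-supplied string safe to open in a spreadsheet.

    Non-string values (numbers the application generated itself) pass through.
    """
    if not isinstance(value, str):
        return value
    # Spreadsheets may ignore leading whitespace, so test the stripped form too
    if value.startswith(CONTROL_PREFIXES) or value.lstrip().startswith(FORMULA_PREFIXES):
        return "'" + value  # a leading apostrophe forces the cell to plain text
    return value


def export_csv(rows):
    """Serialize rows to CSV text with every field neutralized and quoted."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


# Constructed sample: values an administrator might have typed into form fields
SAMPLE_ROWS = [
    ["name", "description", "count"],
    ["profile-a", "regular text", 3],
    ["profile-b", "=1+1", -7],
    ["profile-c", "  @SUM(A1:A2)", 0],
]

if __name__ == "__main__":
    print(export_csv(SAMPLE_ROWS))
```

String fields that legitimately begin with `-` or `+` (for example a typed-in negative number) are also prefixed; that is the accepted trade-off of this approach.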

Affected Version(s)

Tenable Identity Exposure Windows Tenable Identity Exposure 3.42

Tenable Identity Exposure Windows Tenable Identity Exposure 3.29

CVSS V3.1

Score: 7.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

Credit

Ammarit Thongthua and Sarun Pornjarungsak from Secure D Research team.