Formula Injection Vulnerability
CVE-2024-3232

7.6HIGH

Key Information:

Vendor: Tenable
Status: Tenable Identity Exposure
Vendor: CVE Published:; 16 July 2024

What is CVE-2024-3232?

A formula injection vulnerability exists in Tenable Identity Exposure that allows authenticated remote attackers with administrative privileges to craft malicious payloads via application form fields. By exploiting this vulnerability, attackers can deceive other administrators into executing potentially harmful CSV payloads. This manipulation can lead to unauthorized data exposure or other malicious activities, emphasizing the need for vigilance and robust security measures when using affected versions of the product.

Affected Version(s)

Tenable Identity Exposure Windows Tenable Identity Exposure 3.42

Tenable Identity Exposure Windows Tenable Identity Exposure 3.29

References

https://www.tenable.com/security/tns-2024-04

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 16, 2024

Credit

Ammarit Thongthua and Sarun Pornjarungsak from Secure D Research team