Description
A formula injection vulnerability exists in Tenable Identity Exposure where an authenticated remote attacker with administrative privileges could manipulate application form fields in order to trick another administrator into executing CSV payloads. - CVE-2024-3232
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected products
- tenable / Tenable Identity ExposureTenable Identity Exposure 3.42 – Tenable Identity Exposure 3.42
- tenable / Tenable Identity ExposureTenable Identity Exposure 3.29 – Tenable Identity Exposure 3.29
- tenable / Tenable Identity ExposureTenable Identity Exposure 3.19 – Tenable Identity Exposure 3.19