CVE-2023-24493

Summary

A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could leverage the reporting system to export reports containing formulas, which would then require a victim to approve and execute on a host.

Affected Software

VendorProductVersion RangeStatus
n/aTenable.scTenable.sc versions 5.23.1 and earlieraffected

Weaknesses

  • Formula injection

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References