CVE-2024-3232

Summary

A formula injection vulnerability exists in Tenable Identity Exposure where an authenticated remote attacker with administrative privileges could manipulate application form fields in order to trick another administrator into executing CSV payloads. - CVE-2024-3232

Affected Software

VendorProductVersion RangeStatus
TenableTenable Identity ExposureTenable Identity Exposure 3.42affected
TenableTenable Identity ExposureTenable Identity Exposure 3.29affected
TenableTenable Identity ExposureTenable Identity Exposure 3.19affected

Weaknesses

  • CWE-1236: CWE-1236 Improper Neutralization of Formula Elements in a CSV File

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References