Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Products
Tenable Identity Exposure
Source
vulnreport@tenable.com
CVE-2024-3232 details
Published : July 16, 2024, 5:15 p.m.
Last Modified : July 16, 2024, 6 p.m.
Description
A formula injection vulnerability exists in Tenable Identity Exposure where an authenticated remote attacker with administrative privileges could manipulate application form fields in order to trick another administrator into executing CSV payloads.
CVSS Score
7.6 (HIGH)
Weakness
Weakness | Name | Description |
---|---|---|
CWE-1236 | Improper Neutralization of Formula Elements in a CSV File | The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product. |
CVSS Data
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | HIGH |
Scope | CHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Base Score | 7.6 |
Exploitability Score | 1.0 |
Impact Score | 6.0 |
Base Severity | HIGH |
Vector String : CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
References
URL | Source |
---|---|
https://www.tenable.com/security/tns-2024-04 | vulnreport@tenable.com |
This website uses the NVD API, but is not approved or certified by it.