CVE-2024-3232

CVSS v3 7.6 HIGH

7.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.0 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

A

formula injection vulnerability exists in Tenable Identity Exposure where an authenticated remote attacker with administrative privileges could manipulate application form fields in order to trick another administrator into executing CSV payloads. - CVE-2024-3232

References

Link	Resource
https://www.tenable.com/security/tns-2024-04	Vendor Advisory
https://www.tenable.com/security/tns-2024-04	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:tenable:identity_exposure:*:*:*:*:*:*:*:*

History

22 Oct 2025, 20:30

Type	Values Removed	Values Added
References	~~() https://www.tenable.com/security/tns-2024-04 -~~	() https://www.tenable.com/security/tns-2024-04 - Vendor Advisory
First Time		Tenable identity Exposure Tenable
CPE		cpe:2.3:a:tenable:identity_exposure::::::::

21 Nov 2024, 09:29

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de inyección de fórmula en Tenable Identity Exposure donde un atacante remoto autenticado con privilegios administrativos podría manipular los campos del formulario de solicitud para engañar a otro administrador para que ejecute payloads CSV. - CVE-2024-3232
References	~~() https://www.tenable.com/security/tns-2024-04 -~~	() https://www.tenable.com/security/tns-2024-04 -

16 Jul 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-16 17:15

Updated : 2025-10-22 20:30

NVD link : CVE-2024-3232

Mitre link : CVE-2024-3232

CVE.ORG link : CVE-2024-3232

JSON object : View

Products Affected

identity_exposure

CWE

CWE-1236

Improper Neutralization of Formula Elements in a CSV File

{"id": "CVE-2024-3232", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.0}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2024-07-16T17:15:11.267", "references": [{"url": "https://www.tenable.com/security/tns-2024-04", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.tenable.com/security/tns-2024-04", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-1236"}]}], "descriptions": [{"lang": "en", "value": "A formula injection vulnerability exists in Tenable Identity Exposure where an authenticated remote attacker with administrative privileges could manipulate application form fields in order to trick another administrator into executing CSV payloads. - CVE-2024-3232"}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n de f\u00f3rmula en Tenable Identity Exposure donde un atacante remoto autenticado con privilegios administrativos podr\u00eda manipular los campos del formulario de solicitud para enga\u00f1ar a otro administrador para que ejecute payloads CSV. - CVE-2024-3232"}], "lastModified": "2025-10-22T20:30:36.200", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tenable:identity_exposure:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41048D01-1264-4CB2-972C-276B47FAA192", "versionEndExcluding": "3.59.4"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}