CVE-2024-3232 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-3232 PUBLISHED CVSS 7.599999904632568 HIGH

A formula injection vulnerability exists in Tenable Identity Exposure where an authenticated remote attacker with administrative privileges could manipulate application form fields in order to trick another administrator into executing CSV payloads. - CVE-2024-3232

EPSS 1.94% · 83.3th percentile

Risk Scores

CVSS v3.1

7.599999904632568

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

EPSS Score

1.94%

83.3th percentile

Affected Products

Vendor	Product	Versions
tenable	identity_exposure	3.29, 3.42, 3.19
tenable	identity_exposure	0
Tenable	Tenable Identity Exposure	Tenable Identity Exposure 3.42, Tenable Identity Exposure 3.29, Tenable Identity Exposure 3.19

Timeline

Jul 16, 2024 CVE Published
Jul 17, 2024 EPSS Score
Aug 1, 2024 CVE Updated
Aug 7, 2024 EPSS Score
Sep 19, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 10, 2024 EPSS Score
Nov 21, 2024 EPSS Score
Dec 13, 2024 EPSS Score
Jan 25, 2025 EPSS Score
Feb 15, 2025 EPSS Score
Mar 29, 2025 EPSS Score

References

https://www.tenable.com/security/tns-2024-04 url
https://www.tenable.com/security/tns-2024-12 advisory
https://nvd.nist.gov/vuln/detail/CVE-2024-3232 advisory

Open in Interactive Console →