CVE-2024-3232 — Vulnetix

CVE-2024-3232 PUBLISHED CVSS 7.599999904632568 HIGH

A formula injection vulnerability exists in Tenable Identity Exposure where an authenticated remote attacker with administrative privileges could manipulate application form fields in order to trick another administrator into executing CSV payloads. - CVE-2024-3232

EPSS 1.94% · 83.8th percentile

Risk Scores

CVSS 3.1

7.599999904632568

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

EPSS Score

1.94%

83.8th percentile

Affected Products

Vendor	Product	Versions
tenable	identity_exposure	3.42, 3.19, 3.29
tenable	identity_exposure	0
Tenable	Tenable Identity Exposure	Tenable Identity Exposure 3.29, *, Tenable Identity Exposure 3.19

Exploit Intelligence

https://www.tenable.com/security/tns-2024-04 (circl)

Timeline

Jul 16, 2024 CVE Published
Jul 17, 2024 EPSS Score
Aug 1, 2024 CVE Updated
Aug 30, 2024 EPSS Score
Sep 20, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Nov 3, 2024 EPSS Score
Nov 25, 2024 EPSS Score
Jan 8, 2025 EPSS Score
Jan 30, 2025 EPSS Score
Mar 14, 2025 EPSS Score
Mar 29, 2025 EPSS Score

References

https://www.tenable.com/security/tns-2024-04 url
https://www.tenable.com/security/tns-2024-12 advisory
https://nvd.nist.gov/vuln/detail/CVE-2024-3232 advisory

Open in Interactive Console →