CVE-2024-3232

A formula injection vulnerability exists in Tenable Identity Exposure where an authenticated remote attacker with administrative privileges could manipulate application form fields in order to trick another administrator into executing CSV payloads. - CVE-2024-3232

CVSS v3 7.6 HIGH

7.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.0 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.tenable.com/security/tns-2024-04	Vendor Advisory
https://www.tenable.com/security/tns-2024-04	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:tenable:identity_exposure:*:*:*:*:*:*:*:*

History

22 Oct 2025, 20:30

Type	Values Removed	Values Added
References	~~() https://www.tenable.com/security/tns-2024-04 -~~	() https://www.tenable.com/security/tns-2024-04 - Vendor Advisory
First Time		Tenable Tenable identity Exposure
CPE		cpe:2.3:a:tenable:identity_exposure::::::::

Information

Published : 2024-07-16 17:15

Updated : 2025-10-22 20:30

NVD link : CVE-2024-3232

Mitre link : CVE-2024-3232

CVE.ORG link : CVE-2024-3232

JSON object : View

Products Affected

tenable

identity_exposure

CWE

CWE-1236

Improper Neutralization of Formula Elements in a CSV File

{"id": "CVE-2024-3232", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "vulnreport@tenable.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.0}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2024-07-16T17:15:11.267", "references": [{"url": "https://www.tenable.com/security/tns-2024-04", "tags": ["Vendor Advisory"], "source": "vulnreport@tenable.com"}, {"url": "https://www.tenable.com/security/tns-2024-04", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "vulnreport@tenable.com", "description": [{"lang": "en", "value": "CWE-1236"}]}], "descriptions": [{"lang": "en", "value": "A formula injection vulnerability exists in Tenable Identity Exposure where an authenticated remote attacker with administrative privileges could manipulate application form fields in order to trick another administrator into executing CSV payloads. - CVE-2024-3232"}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n de f\u00f3rmula en Tenable Identity Exposure donde un atacante remoto autenticado con privilegios administrativos podr\u00eda manipular los campos del formulario de solicitud para enga\u00f1ar a otro administrador para que ejecute payloads CSV. - CVE-2024-3232"}], "lastModified": "2025-10-22T20:30:36.200", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tenable:identity_exposure:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41048D01-1264-4CB2-972C-276B47FAA192", "versionEndExcluding": "3.59.4"}], "operator": "OR"}]}], "sourceIdentifier": "vulnreport@tenable.com"}