exploitDog

CVE-2024-3232

Опубликовано: 16 июл. 2024

Источник: nvd

CVSS3: 7.6

CVSS3: 6.8

EPSS Низкий

Описание

A formula injection vulnerability exists in Tenable Identity Exposure where an authenticated remote attacker with administrative privileges could manipulate application form fields in order to trick another administrator into executing CSV payloads. - CVE-2024-3232

Ссылки

https://www.tenable.com/security/tns-2024-04
Vendor Advisory
https://www.tenable.com/security/tns-2024-04
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tenable:identity_exposure:*:*:*:*:*:*:*:*

Версия до 3.59.4 (исключая)

EPSS

Процентиль: 83%

0.01943

Низкий

7.6 High

CVSS3

6.8 Medium

CVSS3

Дефекты

CWE-1236

Связанные уязвимости

GHSA-pm8c-jgcw-6vj7

CVSS3: 7.6

github

больше 1 года назад

A formula injection vulnerability exists in Tenable Identity Exposure where an authenticated remote attacker with administrative privileges could manipulate application form fields in order to trick another administrator into executing CSV payloads. - CVE-2024-3232

EPSS

Процентиль: 83%

0.01943

Низкий

7.6 High

CVSS3

6.8 Medium

CVSS3

Дефекты

CWE-1236