CVE-2024-3232

{"id": "CVE-2024-3232", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "vulnreport@tenable.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.0}]}, "published": "2024-07-16T17:15:11.267", "references": [{"url": "https://www.tenable.com/security/tns-2024-04", "source": "vulnreport@tenable.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "vulnreport@tenable.com", "description": [{"lang": "en", "value": "CWE-1236"}]}], "descriptions": [{"lang": "en", "value": "A formula injection vulnerability exists in Tenable Identity Exposure where an authenticated remote attacker with administrative privileges could manipulate application form fields in order to trick another administrator into executing CSV payloads. - CVE-2024-3232"}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n de f\u00f3rmula en Tenable Identity Exposure donde un atacante remoto autenticado con privilegios administrativos podr\u00eda manipular los campos del formulario de solicitud para enga\u00f1ar a otro administrador para que ejecute payloads CSV. - CVE-2024-3232"}], "lastModified": "2024-07-16T18:00:02.110", "sourceIdentifier": "vulnreport@tenable.com"}