mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
124 lines
4.9 KiB
JSON
124 lines
4.9 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-3232",
|
|
"ASSIGNER": "vulnreport@tenable.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A formula injection vulnerability exists in Tenable Identity Exposure where an authenticated remote attacker with administrative privileges could manipulate application form fields in order to trick another administrator into executing CSV payloads. - CVE-2024-3232"
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
|
|
"cweId": "CWE-1236"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Tenable",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Tenable Identity Exposure",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"status": "affected",
|
|
"version": "Tenable Identity Exposure 3.42"
|
|
},
|
|
{
|
|
"status": "affected",
|
|
"version": "Tenable Identity Exposure 3.29"
|
|
},
|
|
{
|
|
"status": "affected",
|
|
"version": "Tenable Identity Exposure 3.19"
|
|
}
|
|
],
|
|
"defaultStatus": "affected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://www.tenable.com/security/tns-2024-04",
|
|
"refsource": "MISC",
|
|
"name": "https://www.tenable.com/security/tns-2024-04"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.2.0"
|
|
},
|
|
"source": {
|
|
"advisory": "tns-2024-04",
|
|
"discovery": "EXTERNAL"
|
|
},
|
|
"solution": [
|
|
{
|
|
"lang": "en",
|
|
"supportingMedia": [
|
|
{
|
|
"base64": false,
|
|
"type": "text/html",
|
|
"value": "\n\nTenable has released Tenable Identity Exposure Version 3.59.4 to address these issues. The installation files can be obtained from the Tenable Downloads Portal: <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/downloads/identity-exposure\">https://www.tenable.com/downloads/identity-exposure</a>\n\n<br>"
|
|
}
|
|
],
|
|
"value": "Tenable has released Tenable Identity Exposure Version 3.59.4 to address these issues. The installation files can be obtained from the Tenable Downloads Portal: https://www.tenable.com/downloads/identity-exposure"
|
|
}
|
|
],
|
|
"credits": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Ammarit Thongthua and Sarun Pornjarungsak from Secure D Research team"
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"attackComplexity": "HIGH",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 7.6,
|
|
"baseSeverity": "HIGH",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"privilegesRequired": "HIGH",
|
|
"scope": "CHANGED",
|
|
"userInteraction": "REQUIRED",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
|
|
"version": "3.1"
|
|
}
|
|
]
|
|
}
|
|
} |