CVSS3
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
AI Score
Confidence: Low
EPSS
Percentile: 9.3%
[R2] Tenable Identity Exposure Version 3.59.4 Fixes Multiple Vulnerabilities
Arnie Cabral, Wed, 02/21/2024 - 13:26
Tenable Identity Exposure leverages third-party software to help provide underlying functionality. One of the third-party components (ASP.NET Core) was found to contain vulnerabilities, and updated versions have been made available by the providers.
Out of caution and in line with best practice, Tenable has opted to upgrade these components to address the potential impact of the issues. Tenable Identity Exposure Version 3.59.4 updates ASP.NET Core to version 6.0.27 to address the identified vulnerabilities.
Additionally, one separate vulnerability was discovered, reported and fixed:
A formula injection vulnerability exists in Tenable Identity Exposure where an authenticated remote attacker with administrative privileges could manipulate application form fields in order to trick another administrator into executing CSV payloads. - CVE-2024-3232