Lucene search

K
tenableArnie CabralTENABLE:D9CBD3D5B682C8E730390E906D18158B
HistoryFeb 21, 2024 - 6:26 p.m.

[R2] Tenable Identity Exposure Version 3.59.4 Fixes Multiple Vulnerabilities

2024-02-2118:26:59
Arnie Cabral
www.tenable.com
12
tenable
identity exposure
asp.net core
vulnerabilities

CVSS3

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

AI Score

7.7

Confidence

Low

EPSS

0

Percentile

9.3%

[R2] Tenable Identity Exposure Version 3.59.4 Fixes Multiple Vulnerabilities Arnie Cabral Wed, 02/21/2024 - 13:26

Tenable Identity Exposure leverages third-party software to help provide underlying functionality. One of the third-party components (ASP.NET Core) was found to contain vulnerabilities, and updated versions have been made available by the providers.

Out of caution and in line with best practice, Tenable has opted to upgrade these components to address the potential impact of the issues. Tenable Identity Exposure Version 3.59.4 updates ASP.NET Core to version 6.0.27 to address the identified vulnerabilities.

Additionally, one separate vulnerability was discovered, reported and fixed:

A formula injection vulnerability exists in Tenable Identity Exposure where an authenticated remote attacker with administrative privileges could manipulate application form fields in order to trick another administrator into executing CSV payloads. - CVE-2024-3232

CVSS3

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

AI Score

7.7

Confidence

Low

EPSS

0

Percentile

9.3%

Related for TENABLE:D9CBD3D5B682C8E730390E906D18158B