TAN-2025-005

Tanium addressed an improper input validation vulnerability in Discover.

Severity: Medium

Base Score: 6.3

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Impact

This vulnerability could allow an authenticated Tanium user with the "Discover - API Execute" permission to tamper with the SQL query executed by the Discover service.

Products Affected

Discover prior to version 4.10.90.

Available Updates

Discover version 4.10.90 and later.

Workaround and Mitigations

None.

Acknowledgements

None.