Skip to content

TAN-2025-006

Tanium addressed an improper access controls vulnerability in Deploy and Patch.

Severity: Medium

Base Score: 4.3

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Impact

This vulnerability could allow an authenticated Tanium user with one of the following permissions to gain read-only access to data they should not have access to:

• Deploy Deployment - Read

• Patch Patchlist - Read.

Products Affected

Deploy 2.26 prior to version 2.26.1253.

Deploy 2.30 prior to version 2.30.150.

Patch 3.17 prior to version 3.17.2262.

Patch 3.19 prior to version 3.19.195.

Available Updates

Deploy version 2.26.1253 and later.

Deploy version 2.30.150 and later.

Patch version 3.17.2262 and later.

Patch version 3.19.195 and later.

Workaround and Mitigations

None.

Acknowledgements

None.