TAN-2025-009

Tanium addressed a denial of service vulnerability.

Severity: Medium

Base Score: 4.3

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Impact

This vulnerability could allow an authenticated Enforce Recovery Portal user to poison the cache of a non-dynamic server-side rendered route, resulting in other users' inability to access recovery keys.

Products Affected

7.4 and 7.5 Release:

  • Enforce prior to version 2.7.306.

2024H1 Release:

  • Enforce prior to Update 11 (v2.7.306).

2024H2 Release:

  • Enforce prior to Update 1 (v2.8.528).

Available Updates

7.4 and 7.5 Release:

  • Enforce version 2.7.306 and later.

2024H1 Release:

  • Update 11 (Enforce v2.7.306) and later.

2024H2 Release:

  • Update 1 (Enforce v2.8.528) and later.

Workaround and Mitigations

None.

Acknowledgements

None.