TAN-2025-016

Tanium addressed an authentication bypass vulnerability.

Severity: High

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact

This vulnerability could allow an unauthenticated attacker to gain read-only access to data they should not have access to in the Enforce Recovery Portal.

Products Affected

7.4 and 7.5 Release:

  • Enforce prior to version v2.7.321.

2024H1 Release:

  • Enforce prior to Update 16 (v2.7.321).

2024H2 Release:

  • Enforce prior to Update 5 (v2.8.554).

Available Updates

7.4 and 7.5 Release:

  • Enforce v2.7.321 and later.

2024H1 Release:

  • Update 16 (Enforce v2.7.321) and later.

2024H2 Release:

  • Update 5 (Enforce v2.8.554) and later.

Customers must upgrade their Enforce Recovery Portal after upgrading the Enforce Product Module. Please review the Enforce documentation for instructions on upgrading your Enforce Recovery Portal.

Workaround and Mitigations

None.

Acknowledgements

None.