Skip to content

TAN-2025-030

Tanium addressed an improper access controls vulnerability in Reputation.

Severity: Medium

Base Score: 4.3

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Impact

This vulnerability could allow an authenticated Tanium user with the "Reputation Read" permission to gain read and write access to data they should not have access to.

Products Affected

2024H1 Release:

  • Reputation prior to Update 23 (v6.3.227).

2024H2 Release:

  • Reputation prior to Update 12 (v6.5.50).

2025H1 Release:

  • Reputation prior to Update 6 (v6.6.72).

Available Updates

2024H1 Release:

  • Update 23 (Reputation v6.3.227) and later.

2024H2 Release:

  • Update 12 (Reputation v6.5.50) and later.

2025H1 Release:

  • Update 6 (Reputation v6.6.72) and later.

Workaround and Mitigations

None.

Acknowledgements

None.