TAN-2025-032
Tanium addressed an incorrect default permissions vulnerability in Enforce.
Severity: Medium
Base Score: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Impact
This vulnerability could allow an authenticated Tanium user with the "Enforce Service Account" permission to read/write all platform content.
Products Affected
2024H1 Release:
- Enforce prior to Update 24 (v2.7.367).
2024H2 Release:
- Enforce prior to Update 13 (v2.8.601).
2025H1 Release:
- Enforce prior to Update 7 (v2.9.574).
Available Updates
2024H1 Release:
- Update 24 (Enforce v2.7.367) and later.
2024H2 Release:
- Update 13 (Enforce v2.8.601) and later.
2025H1 Release:
- Update 7 (Enforce v2.9.574) and later.
Workaround and Mitigations
None.
Acknowledgements
None.