Primary

Context

Tenable Identity Exposure Credential Disclosure Vulnerability

Vulnerability

A credential disclosure vulnerability exists in Tenable Identity Exposure versions through 3.77.8, allowing administrators to extract stored SMTP account credentials due to a lack of encryption. This vulnerability could be exploited by accessing the application with administrative privileges and retrieving the unencrypted credentials.

Impact

Exploitation of this vulnerability could lead to unauthorized access to SMTP account credentials, potentially allowing for misuse of email functionalities or impersonation.

Remediation

Tenable has released version 3.77.9, which addresses this vulnerability. The update can be downloaded from the Tenable Downloads Portal.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenable Identity Exposure Credential Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating