Tanium Asset SQL Injection Vulnerability
Vulnerability
A SQL injection vulnerability has been identified in Tanium Asset. It affects multiple release branches in versions prior to the fixed releases listed under Remediation. The vulnerability allows an authenticated user with the 'Asset API - Write' permission to manipulate the SQL queries executed by the Asset service.
Impact
Exploitation of this vulnerability could lead to unauthorized modification of SQL queries, potentially allowing for data manipulation or retrieval beyond the user's permissions.
Remediation
Users can update to Asset version 1.28.254 or later (for the 2024H1 release), version 1.32.161 or later (for the 2024H2 release), or version 1.33.250 or later (for the 2025H1 release) to address this vulnerability.
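To check an inventory against these fixed builds, the following added example (not Tanium code or tooling) classifies Asset version strings by release branch. It assumes a three-part `major.minor.build` version format; the hostnames and the sample inventory are constructed, and any branch not named above is reported as unknown rather than guessed.

```python
import re

# Minimum patched build per release branch, taken from the Remediation text.
# Keys are (major, minor) of the Asset version.
FIXED_BUILDS = {
    (1, 28): 254,  # 2024H1
    (1, 32): 161,  # 2024H2
    (1, 33): 250,  # 2025H1
}

# Assumption: versions are exactly three dot-separated integers.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\s*$")


def classify_asset_version(version: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown' for an Asset version."""
    m = _VERSION_RE.match(version)
    if not m:
        return "unknown"  # unparseable value: needs manual review
    major, minor, build = (int(g) for g in m.groups())
    fixed = FIXED_BUILDS.get((major, minor))
    if fixed is None:
        # Branch is not named in the advisory: do not guess either way.
        return "unknown"
    # Compare as integers; a string compare would rank "99" above "254".
    return "patched" if build >= fixed else "vulnerable"


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hosts by patch status, hosts sorted by name within each group."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        result[classify_asset_version(version)].append(host)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "ts-prod-01": "1.28.254",
    "ts-prod-02": "1.28.101",
    "ts-dr-01": "1.32.161",
    "ts-lab-01": "1.33.249",
    "ts-lab-02": "1.30.12",
    "ts-lab-03": "n/a",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown should be checked against the vendor advisory by hand, since the text above only names three branches.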
