Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Tenable Identity Exposure

Source -

CNA

CNA CVEs -

4

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
4Vulnerabilities found
CVE-2026-13007
Assigner-Tenable Network Security, Inc.
ShareView Details
Assigner-Tenable Network Security, Inc.
CVSS Score-8.5||HIGH
EPSS-Not Assigned
Published-23 Jun, 2026 | 15:59
Updated-23 Jun, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insecure Public Caching on REST API Endpoints in Tenable Identity Exposure

Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/* that expose sensitive application configuration data including cleartext LDAP credentials, SAML configuration, user accounts, and directory settings to unauthenticated remote attackers. Affected responses are served with Cache-Control: public headers and without Vary: Cookie, allowing reverse proxies and CDNs to cache and serve sensitive data to unauthenticated users even after authentication is applied.

Action-Not Available
Vendor-Tenable, Inc.
Product-Tenable Identity Exposure
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-524
Use of Cache Containing Sensitive Information
CVE-2025-0760
Assigner-Tenable Network Security, Inc.
ShareView Details
Assigner-Tenable Network Security, Inc.
CVSS Score-2.7||LOW
EPSS-0.16% / 5.85%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 23:31
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored Credential Disclosure Vulnerability

A Credential Disclosure vulnerability exists where an administrator could extract the stored SMTP account credentials due to lack of encryption.

Action-Not Available
Vendor-Tenable, Inc.
Product-Tenable Identity Exposure
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-1091
Assigner-Tenable Network Security, Inc.
ShareView Details
Assigner-Tenable Network Security, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 13.91%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 23:27
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broken Authorization Schema

A Broken Authorization schema exists where any authenticated user could download IOA script and configuration files if the URL is known.

Action-Not Available
Vendor-Tenable, Inc.
Product-Tenable Identity Exposure
CWE ID-CWE-862
Missing Authorization
CVE-2024-3232
Assigner-Tenable Network Security, Inc.
ShareView Details
Assigner-Tenable Network Security, Inc.
CVSS Score-7.6||HIGH
EPSS-0.44% / 35.11%
||
7 Day CHG~0.00%
Published-16 Jul, 2024 | 17:02
Updated-22 Oct, 2025 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Formula Injection Vulnerability

A formula injection vulnerability exists in Tenable Identity Exposure where an authenticated remote attacker with administrative privileges could manipulate application form fields in order to trick another administrator into executing CSV payloads. - CVE-2024-3232

Action-Not Available
Vendor-Tenable, Inc.
Product-identity_exposureTenable Identity Exposureidentity_exposure
CWE ID-CWE-1236
Improper Neutralization of Formula Elements in a CSV File