[R1] Tenable Identity Exposure Secure Relay Version 3.59.4 Fixes Multiple Vulnerabilities

Tenable Security Advisory

[R1] Tenable Identity Exposure Secure Relay Version 3.59.4 Fixes Multiple Vulnerabilities

Arnie Cabral

Tenable Identity Exposure Secure Relay leverages third-party software to help provide underlying functionality. One of the third-party components (Envoy) was found to contain vulnerabilities, and updated versions have been made available by the providers.

Out of caution and in line with best practice, Tenable has opted to upgrade these components to address the potential impact of the issues. Tenable Identity Exposure Secure Relay Version 3.59.4 updates Envoy to version 1.29.1 to address the identified vulnerabilities.

Additionally, one other vulnerability was discovered, reported and fixed:

  • A DLL injection vulnerability exists where an authenticated, low-privileged local attacker could modify application files on the TIE Secure Relay host, which could allow for overriding of the configuration and running of new Secure Relay services.

READ MORE