Impact
The vulnerability in Tenable Identity Exposure permits unauthenticated users to call API endpoints under /w/api/* that return configuration data such as LDAP credentials, SAML settings, user accounts, and directory information. These responses are served with a Cache-Control: public header and without a Vary: Cookie header, which allows shared caching layers to store the sensitive responses. Based on the description, it is inferred that this weakness enables attackers to exploit reverse proxies and CDNs to capture the leaked data and subsequently serve it to other users, thereby constituting a confidentiality breach (CWE-306 and CWE-524).
Affected Systems
Tenable Identity Exposure. The affected components are the API endpoints located under /w/api/*. No explicit product version information is provided in the advisory, so the scope applies to any installation exposing these endpoints.
Risk and Exploitability
The CVSS score of 8.5 classifies the issue as high severity. The EPSS score is not available, and the vulnerability is not listed in CISA KEV. Exploitation requires no authentication; an attacker can send HTTP requests directly to the public endpoints, capture the configuration data, and, if a reverse proxy or CDN caches the response, later retrieve the same data even after legitimate users have logged in. Based on the description, it is inferred that the presence of intermediary caching infrastructure and the lack of proper cache directives are the primary prerequisites for successful exploitation.
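A header audit for the caching condition described under Impact and Risk and Exploitability, as an added example that is not from the advisory or from Tenable: it reports which responses under the sensitive prefix a shared cache could store and replay. The endpoint paths and header values are constructed placeholders, and treating a response with neither no-store nor private as storable is a conservative assumption.

```python
# Added example: audit response headers for shared-cache exposure.
# Paths and header values below are constructed placeholders, not real endpoints.

def parse_cache_control(value):
    """Map each lowercase Cache-Control directive to its argument (or None)."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def shared_cache_findings(headers):
    """Return reasons a reverse proxy or CDN could store and replay the response."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    if "no-store" in cc or "private" in cc:
        return []  # a shared cache must not store this response
    findings = []
    if "public" in cc:
        findings.append("public")  # explicitly storable by shared caches
    else:
        findings.append("no-restriction")  # assumption: treated as storable
    vary = {v.strip().lower() for v in h.get("vary", "").split(",")}
    if "cookie" not in vary and "*" not in vary:
        findings.append("no-vary-cookie")  # one cached copy for every session
    return findings

SAMPLES = {  # constructed captures: path -> response headers
    "/w/api/<endpoint-a>": {"Cache-Control": "public, max-age=300"},
    "/w/api/<endpoint-b>": {"cache-control": "public", "Vary": "Cookie"},
    "/w/api/<endpoint-c>": {"Cache-Control": "no-store"},
    "/w/api/<endpoint-d>": {"Cache-Control": "private, max-age=60"},
    "/w/api/<endpoint-e>": {},
    "/static/<asset>": {"Cache-Control": "public"},
}

def audit(samples, prefix="/w/api/"):
    """Check only paths under the sensitive prefix; keep those with findings."""
    report = {}
    for path, headers in samples.items():
        if path.startswith(prefix):
            findings = shared_cache_findings(headers)
            if findings:
                report[path] = findings
    return report

if __name__ == "__main__":
    for path, findings in audit(SAMPLES).items():
        print(path, findings)
```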