[R1] Tenable.sc 5.17.0 Fixes Multiple Vulnerabilities

Related Vulnerabilities: CVE-2020-11022   CVE-2020-1971   CVE-2020-1967   CVE-2019-1551   CVE-2020-5808  

Tenable.sc leverages third-party software to help provide underlying functionality. Two separate third-party components (jQuery and OpenSSL) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address the potential impact of these issues. Tenable.sc version 5.17.0 will update jQuery to 3.5.1 and OpenSSL to 1.1.1i to address the identified vulnerabilities. Additionally, Tenable.sc 5.17.0 will also address an Access Control issue within the Automatic Distribution configuration. In certain scenarios, a scanner could potentially be used outside the user's defined scan zone for a scan without a particular zone being specified.

Synopsis

Tenable.sc leverages third-party software to help provide underlying functionality. Two separate third-party components (jQuery and OpenSSL) were found to contain vulnerabilities, and updated versions have been made available by the providers.

Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address the potential impact of these issues. Tenable.sc version 5.17.0 will update jQuery to 3.5.1 and OpenSSL to 1.1.1i to address the identified vulnerabilities.

Additionally, Tenable.sc 5.17.0 will also address an Access Control issue within the Automatic Distribution configuration. In certain scenarios, a scanner could potentially be used outside the user's defined scan zone for a scan without a particular zone being specified.

Solution

Tenable has released Tenable.sc 5.17.0 to address these issues. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/tenable-sc).