Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

[R1] LCE 6.0.9 Fixes Multiple Third-party Vulnerabilities

Related Vulnerabilities: CVE-2019-1551   CVE-2020-1967   CVE-2020-1971   CVE-2021-3449   CVE-2021-23840   CVE-2020-11022   CVE-2020-11023  

Tenable Log Correlation Engine leverages third-party software to help provide underlying functionality. Two separate third-party components (OpenSSL, jQuery) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled OpenSSL and jQuery components to address the potential impact of these issues. LCE 6.0.9 updates OpenSSL to version 1.1.1k and jQuery to version 3.5.1 to address the identified vulnerabilities.

Source

Synopsis

Tenable Log Correlation Engine leverages third-party software to help provide underlying functionality. Two separate third-party components (OpenSSL, jQuery) were found to contain vulnerabilities, and updated versions have been made available by the providers.

Out of caution and in line with good practice, Tenable opted to upgrade the bundled OpenSSL and jQuery components to address the potential impact of these issues. LCE 6.0.9 updates OpenSSL to version 1.1.1k and jQuery to version 3.5.1 to address the identified vulnerabilities.

Solution

Tenable has released Log Correlation Engine 6.0.9 to address these issues. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/log-correlation-engine).

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started