Tenable's SecurityCenter is affected by at least one vulnerability due to the use of a third-party library, specifically OpenSSL. SecurityCenter's use of OpenSSL made it vulnerable to CVE-2014-3511, an issue with the ssl23_get_client_hello function in s23_srvr.c that could allow a remote, man-in-the-middle attacker to force the use of TLS 1.0 by triggering a ClientHello message fragmentation (aka a "protocol downgrade" attack). Once Tenable determined that one of the issues affected SecurityCenter, further testing was not performed to positively verify additional issues. Instead, Tenable opted to focus on integrating the latest version of OpenSSL which fixes all of them. As such, SecurityCenter might be affected by CVE-2014-3512 and CVE-2014-5139. Tenable's Nessus and PVS are technically affected by CVE-2014-3508 (crypto/objects/obj_dat.c OBJ_obj2txt function information disclosure) due to them using the X509_name_oneline() function. However, both of them utilize it in command-line utilities that do not offer an attack vector that crosses privilege boundaries. Note that additional vulnerabilities were fixed with the 1.0.1i release, but SecurityCenter is not affected by them. These include CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3509, and CVE-2014-3510. Please note that Tenable strongly recommends that SecurityCenter and the Tenable Appliance be installed on a subnet that is not Internet addressable.