[R6] SecurityCenter 5.4.1 Fixes Multiple Vulnerabilities

Related Vulnerabilities: CVE-2016-7103, CVE-2016-7052, CVE-2016-7412, CVE-2016-7413, CVE-2016-7414, CVE-2016-7415, CVE-2016-7416, CVE-2016-7417, CVE-2016-7418, CVE-2016-7124, CVE-2016-7125, CVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132, CVE-2016-9137

Synopsis

SecurityCenter has recently been discovered to have several vulnerabilities. Two were reported by external parties, while the rest were discovered during internal testing. Note that the library vulnerabilities were not fully diagnosed, so SecurityCenter may or may not be impacted; Tenable opted to upgrade the libraries as that was more efficient. Details of the issues (with internal IDs for your tracking pleasure):

  • 5 stored XSS that require authentication (31263, 31309, 31283, 31310, 31311) discovered internally by Chris Broome
  • 1 stored XSS that requires authentication (12277) discovered internally by Kyle Teahan
  • 1 stored XSS that requires authentication (31374) discovered internally
  • 2 stored XSS that require authentication (31518, 31410) discovered and reported to Tenable by Kaustubh Padwad
  • jQuery UI was upgraded to 1.12.0 potentially fixing 1 vulnerability
  • PHP was upgraded to 5.6.28, picking up 4 vulnerability fixes from 5.6.28, 14 from 5.6.27, 13 from 5.6.26, and 19 from 5.6.25 (some of which are covered by IAVM 2016-B-0133)
  • OpenSSL was upgraded to 1.0.2j fixing 1 vulnerability
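To confirm that a deployment carries the bundled library versions listed above, the following added example (not Tenable's code) compares installed component versions against the fixed versions from this advisory. It handles OpenSSL's trailing patch letter (1.0.2i sorts before 1.0.2j) and treats 1.12 and 1.12.0 as equal; the inventory dictionary is constructed sample data, and how you obtain the real versions from a host is left to you.

```python
import re

# Minimum bundled component versions shipped with SecurityCenter 5.4.1,
# taken from the advisory above.
FIXED_VERSIONS = {
    "php": "5.6.28",
    "openssl": "1.0.2j",
    "jquery-ui": "1.12.0",
}


def parse_version(version: str) -> tuple:
    """Turn a version string into a tuple that compares correctly.

    Numeric components compare as integers. An optional trailing letter
    (OpenSSL style: 1.0.2j) is kept as the last element, so that no letter
    sorts before 'a', and 'i' sorts before 'j'.
    """
    match = re.fullmatch(r"(\d+(?:\.\d+)*)([a-z]?)", version.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    numbers = tuple(int(part) for part in match.group(1).split("."))
    # Pad with zeros so that 1.12 and 1.12.0 compare as equal.
    numbers += (0,) * (4 - len(numbers))
    return numbers + (match.group(2),)


def is_fixed(component: str, installed: str) -> bool:
    """True if the installed version is at or above the advisory's fixed version."""
    return parse_version(installed) >= parse_version(FIXED_VERSIONS[component])


def check_inventory(inventory: dict) -> dict:
    """Map each known component in the inventory to whether it meets the fix level."""
    return {name: is_fixed(name, ver) for name, ver in inventory.items()
            if name in FIXED_VERSIONS}


# Constructed sample inventory, not data from any real host.
SAMPLE_INVENTORY = {"php": "5.6.25", "openssl": "1.0.2i", "jquery-ui": "1.12"}

if __name__ == "__main__":
    for name, ok in check_inventory(SAMPLE_INVENTORY).items():
        print(f"{name:10s} {SAMPLE_INVENTORY[name]:8s} {'ok' if ok else 'BELOW FIXED VERSION'}")
```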

Tenable would like to thank Kaustubh Padwad for privately reporting issues and giving us time to provide a fix for customers.

Please note that Tenable strongly recommends that SecurityCenter be installed on a subnet that is not Internet addressable.

Solution

Tenable has released SecurityCenter 5.4.1 to address these issues. The new version can be obtained from the Tenable Support Portal (https://support.tenable.com/support-center/index.php?x=&mod_id=160).