Log Correlation Engine (LCE) 5.0.0 is impacted by multiple vulnerabilities reported in a third-party library and an encryption algorithm. LCE was errantly using 3DES on TCP port 1243. The following vulnerabilities have been resolved with the updated libraries. cURL / libcurl lib/url.c allocate_conn() Function OCSP Stapling Validation Failure MitM Certificate Revocation Bypass [VulnDB 152389 / CVE-2017-2629] Triple Data Encryption Algorithm (3DES) 64-bit Block Size Birthday Attack HTTPS Cookie MitM Disclosure (SWEET32) [VulnDB 143387 / CVE-2016-2183] Please note that Tenable strongly recommends that LCE be installed on a subnet that is not Internet addressable.