[R1] SecurityCenter 5.6.0.1 Fixes Multiple Third-party Vulnerabilities

Related Vulnerabilities: CVE-2016-1283, CVE-2017-3735, CVE-2017-3736

Synopsis

SecurityCenter leverages third-party software to help provide underlying functionality. Two of the third-party components (PHP and OpenSSL) were found to contain vulnerabilities, and updated versions have been made available by the providers.

Out of caution and in line with good practice, Tenable opted to upgrade the bundled PHP and OpenSSL to address the potential impact of these issues on SecurityCenter. SecurityCenter 5.6.0.1 updates PHP to version 5.6.32 and OpenSSL to version 1.0.2m to address the identified vulnerabilities.

References for the issues are below:
  • PCRE Library Heap Overflow Vulnerability (CVE-2016-1283)
  • OpenSSL Security Bypass Vulnerability (CVE-2017-3735)
  • OpenSSL Information Disclosure Vulnerability (CVE-2017-3736)

Note: The CVSSv2 score used in this advisory reflects CVE-2016-1283, as it is considered the highest risk.

Solution

Tenable has released SecurityCenter 5.6.0.1 to address these issues. The new version can be obtained from the Tenable Support Portal (https://support.tenable.com/support-center/index.php?x=&mod_id=160).
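After upgrading, the bundled component versions can be compared against the fixed versions named above. The following is an added example, not Tenable's code: the names `FIXED`, `version_key` and `assess` are hypothetical, and the sample banners are constructed in the style of `php -v` and `openssl version` output. It handles OpenSSL's letter-suffixed releases and reports a different release branch separately, since the advisory's fixed versions say nothing about other branches.

```python
import re

# Fixed versions named in the advisory; everything else here is illustrative.
FIXED = {"php": "5.6.32", "openssl": "1.0.2m"}

# Matches 5.6.32 as well as OpenSSL letter releases such as 1.0.2m or 1.0.2za.
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def version_key(text):
    """Return a sortable key for the first version string found in text."""
    m = _VERSION.search(text)
    if m is None:
        raise ValueError("no version found in %r" % text)
    major, minor, patch, letters = m.groups()
    # Suffix length comes first so that "" < "a" < ... < "z" < "za".
    return (int(major), int(minor), int(patch), len(letters), letters)


def assess(component, banner):
    """Classify a version banner as 'patched', 'outdated' or 'other-branch'."""
    fixed = version_key(FIXED[component])
    found = version_key(banner)
    # A PHP branch is major.minor (5.6); an OpenSSL branch here is 1.0.2.
    branch_len = 2 if component == "php" else 3
    if found[:branch_len] != fixed[:branch_len]:
        return "other-branch"  # not comparable with the advisory's fixed version
    return "patched" if found >= fixed else "outdated"


if __name__ == "__main__":
    # Constructed sample banners, not output captured from a real system.
    samples = [
        ("php", "PHP 5.6.31 (cli) (built: Jul 10 2017 10:00:00)"),
        ("php", "PHP 5.6.32 (cli) (built: Nov  1 2017 10:00:00)"),
        ("openssl", "OpenSSL 1.0.2k  26 Jan 2017"),
        ("openssl", "OpenSSL 1.0.2m  2 Nov 2017"),
    ]
    for component, banner in samples:
        print("%-8s %-10s %s" % (component, assess(component, banner), banner))
```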