SecurityCenter leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled OpenSSL to address the potential impact of these issues in SecurityCenter. SecurityCenter 5.6.1 updates OpenSSL to version 1.0.2n to address the identified vulnerabilities.Note: A separate patch has also been released to update OpenSSL to 1.0.2n in SecurityCenter versions 5.4.x, 5.5.x, and 5.6.0.x. References for the issues are below: OpenSSL security-bypass vulnerability (CVE-2017-3737) OpenSSL information-disclosure vulnerability (CVE-2017-3738)
Vulmon