[R1] Stand-alone Security Patches Available for Tenable.sc versions 5.13.0 to 5.17.0

Related Vulnerabilities: CVE-2021-20076, CVE-2021-23840, CVE-2021-23841

Synopsis

Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to achieve remote code execution (RCE) on the Tenable.sc server via PHP (Hypertext Preprocessor) unserialization.

Additionally, one third-party component (OpenSSL) was found to contain vulnerabilities, and the provider has made updated versions available. OpenSSL has been updated to version 1.1.1j.

Solution

Tenable has released two separate stand-alone patches to address the identified vulnerabilities. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/tenable-sc).

1. CVE-2021-20076 - SC-202102.1 Patch
2. CVE-2021-23840, CVE-2021-23841 - SC-202102.2 Patch