[R1] Nessus Agent 7.1.0 Fixes Multiple Third-party Vulnerabilities
Nessus Agent leverages third-party software to help provide underlying functionality. Some of the third-party components were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade t...
[R1] Nessus 8.0.0 Fixes Multiple Third-party Vulnerabilities
Nessus leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundl...
[R1] SecurityCenter 5.3.2, 5.4.0, 5.4.2, 5.4.5, 5.5.0, and 5.5.1 Fixes Multiple Vulnerabilities
Tenable has released updates for SecurityCenter 5.3.2, 5.4.0, 5.4.2, 5.4.5, 5.5.0, and 5.5.1 to bring the version of PHP included with them to 5.6.31. PHP 5.6.31 addresses multiple vulnerabilities: CVE-2017-11142: In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers...
[R1] Nessus 7.1.0 Fixes Multiple Vulnerabilities
Nessus versions 7.0.3 and earlier have been found vulnerable to two separate issues. The first vulnerability (XSS) exists due to improper input validation. An authenticated attacker could create and upload a .nessus file that may be viewed by an administrator, allowing for the execution of arbitrar...
[R1] SecurityCenter 5.6.0 Fixes One Vulnerability
SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a...
[R1] LCE 5.1.1 Fixes Multiple Third-party Vulnerabilities
Log Correlation Engine leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to...
[R2] Nessus 7.0.3 Fixes One Vulnerability
When installing Nessus to a directory outside of the default location, Nessus did not enforce secure permissions for sub-directories on Windows operating systems. This could allow for local privilege escalation if users had not secured the directories in the installation location...
[R1] TenableCore Web Application Scanner v20180702 Fixes Third-party Vulnerabilities
The TenableCore Web Application Scanner Image v20180328 was found to contain a command injection flaw in a script included in the bundled DHCP client (dhclient) package. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitra...
[R2] SecurityCenter 5.6.2.1 Fixes One Third-party Vulnerability
SecurityCenter leverages third-party software to help provide underlying functionality. One of the third-party components (PHP) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to...
[R1] Nessus 7.1.1 Fixes Multiple Third-party Vulnerabilities
Nessus leverages third-party software to help provide underlying functionality. Some of the third-party components were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the...
[R1] Tenable Appliance 4.7.0 Fixes One Vulnerability
Tenable Appliance versions 4.6.1 and earlier have been found to contain a single XSS vulnerability. Utilizing a specially crafted request, an authenticated attacker could potentially execute arbitrary JavaScript code by manipulating certain URL parameters related to offline plugins...
[R1] Nessus Network Monitor 5.5.0 Fixes One Third-party Vulnerability
Nessus Network Monitor leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable...
[R2] SecurityCenter 5.7.0 Fixes Multiple Vulnerabilities
SecurityCenter leverages third-party software to help provide underlying functionality. Two separate third-party components (PHP and jQuery) were found to contain vulnerabilities, and updated versions have been made available by the providers...
[R1] Industrial Security 1.1.0 Fixes One Third-party Vulnerability
Industrial Security leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opte...
[R6] Tenable Appliance 4.5.0 Fixes Multiple Vulnerabilities
The Tenable Appliance has recently been discovered to contain several vulnerabilities. One exists in the underlying operating system kernel, two in the Appliance web interface, and multiple issues in bundled applications. Since the Appliance ships with other Tenable products, please consult the...
[R3] Nessus 6.10.5 Fixes Two Vulnerabilities
Nessus was found to be vulnerable to a local privilege escalation issue and a local denial of service condition due to insecure permissions when running in Agent Mode. This may allow an attacker to gain administrative privileges on the system hosting a Nessus agent. Note that these are very simil...
[R2] SecurityCenter 5.6.1 Fixes Multiple Third-party Vulnerabilities
SecurityCenter leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to...
[R1] LCE 5.0.1 Fixes Two Third-party Library Vulnerabilities
Log Correlation Engine (LCE) 5.0.0 is impacted by multiple vulnerabilities reported in a third-party library and an encryption algorithm. LCE was errantly using 3DES on TCP port 1243. The following vulnerabilities have been resolved with the updated libraries...
[R1] Nessus 6.11.3 Fixes Multiple Third-party Vulnerabilities
Nessus leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade t...
[R1] Nessus 6.11 Fixes One Vulnerability
When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus did not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks. Please note that Tenable strongly recommends that Nessus be installed on a subnet tha...
[R3] Nessus 6.10.4 Fixes One Vulnerability
Nessus was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode. This may allow an attacker to gain administrative privileges on the system hosting a Nessus agent. This is tracked internally as NES-6023...
[R1] SecurityCenter 5.7.1 Fixes Multiple Third-Party Vulnerabilities
SecurityCenter leverages third-party software to help provide underlying functionality. Two separate third-party components (PHP and OpenSSL) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable...
[R1] SecurityCenter 5.6.0.1 Fixes Multiple Third-party Vulnerabilities
SecurityCenter leverages third-party software to help provide underlying functionality. Two of the third-party components (PHP and OpenSSL) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable...
[R2] SecurityCenter 5.8.0 Fixes Multiple Third-Party Vulnerabilities
SecurityCenter leverages third-party software to help provide underlying functionality. Two separate third-party components (Apache Xalan and Serializer) were found to contain vulnerabilities, and updated versions have been made available by the providers...
[R1] OpenSSL Stand-alone Patch Available for SecurityCenter versions 5.0 or Later
SecurityCenter leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to...
[R1] Nessus 8.1.1 Fixes Multiple Third-party Vulnerabilities
Nessus leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundl...
[R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities
Nessus leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundl...
[R2] Nessus 8.5.0 Fixes Multiple Vulnerabilities
Nessus versions 8.4.0 and earlier were found to contain multiple XSS vulnerabilities due to improper validation of user-supplied input. For CVE-2019-3961, an unauthenticated, remote attacker could exploit this vulnerability via a specially crafted request to execute arbitrary script code in a...
[R2] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities
Tenable.sc leverages third-party software to help provide underlying functionality. Multiple third-party components were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution, and in line with best practice, Tenable has upgraded the bundl...
[R1] Nessus 8.3.0 Fixes Multiple Third-party Vulnerabilities
Nessus leverages third-party software to help provide underlying functionality. Two separate third-party components (OpenSSL and Moment.js) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable...
[R1] Nessus 8.6.0 Fixes One Vulnerability
Nessus versions 8.5.2 and earlier on Windows platforms were found to contain a flaw where certain files could be overwritten arbitrarily. An authenticated, remote attacker could potentially exploit this vulnerability to create a denial of service condition...
[R1] Nessus Version 10.7.0 Fixes Multiple Vulnerabilities
Arnie Cabral, Tue, 02/06/2024 - 11:07. Two separate vulnerabilities were discovered, reported and fixed: A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could...
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
Arnie Cabral, Thu, 06/29/2023 - 06:45. Nessus Network Monitor leverages third-party software to help provide underlying functionality. Several of the third-party components were found to contain vulnerabilities, and updated versions hav...
[R1] Nessus Agent 7.4.0 Fixes One Third-party Vulnerability
Nessus Agent leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain a single vulnerability, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted...
[R1] Nessus Agent 8.2.5 Fixes Multiple Vulnerabilities
Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus Agent host...
[R1] Nessus AMI 8.13.1 Fixes One Vulnerability
Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack...
[R1] Nessus 8.7.0 Fixes One Vulnerability
Nessus versions 8.6.0 and earlier were found to contain a Denial of Service vulnerability due to improper validation of specific imported scan types. An authenticated, remote attacker could potentially exploit this vulnerability to cause a Nessus scanner to become temporarily unresponsive...
[R1] Nessus Network Monitor 6.3.0 Fixes Multiple Vulnerabilities
Arnie Cabral, Wed, 10/25/2023 - 15:33. Nessus Network Monitor leverages third-party software to help provide underlying functionality. Several of the third-party components (OpenSSL, curl, chosen, datatables) were found to contain...
[R1] Nessus Version 10.6.0 Fixes Multiple Vulnerabilities
Arnie Cabral, Tue, 08/29/2023 - 04:44. A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application (CVE-2023-3251). An arbitrary fil...
[R2] Tenable.sc 6.0.0 Fixes Multiple Vulnerabilities
Arnie Cabral, Tue, 01/24/2023 - 11:16. Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components (libcurl) was found to contain vulnerabilities, and updated versions have been made available...
[R2] Nessus Version 10.4.0 Fixes Multiple Vulnerabilities
Arnie Cabral, Thu, 10/27/2022 - 10:48. Nessus leverages third-party software to help provide underlying functionality. Several of the third-party components (select2.js, jQuery UI) were found to contain vulnerabilities, and updated versions have...
[R2] Stand-alone Security Patch Available for Tenable.sc versions 5.16.0 to 5.19.1: Patch 202109.1
Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution, and in line with best practice, Tenable opted to...
[R3] Nessus Version 10.2.0 Fixes Multiple Vulnerabilities
Arnie Cabral, Thu, 05/26/2022 - 09:30. Nessus leverages third-party software to help provide underlying functionality. Several of the third-party components (zlib, expat, jQuery UI) were found to contain vulnerabilities, and updated versions hav...
[R1] Tenable.sc 5.17.0 Fixes Multiple Vulnerabilities
Tenable.sc leverages third-party software to help provide underlying functionality. Two separate third-party components (jQuery and OpenSSL) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable...
[R1] Nessus Network Monitor 5.11.0 Fixes Multiple Third-party Vulnerabilities
Nessus Network Monitor leverages third-party software to help provide underlying functionality. Several third-party components (OpenSSL, jQuery and moment.js) were found to contain vulnerabilities, and updated versions have been made available by the providers...
[R1] PHP Stand-alone Patch Available for Tenable.sc versions 5.7.x to 5.11.x
Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components (PHP) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to provide a...