[R1] Tenable.sc 5.13.0 Fixes Multiple Third-Party Vulnerabilities

2019-12-30T20:05:21
ID TENABLE:0923EE6295E637F8FE460756C4F2C346
Type tenable
Reporter Blake Kizer
Modified 2019-12-30T20:05:21

Description

Tenable.sc leverages third-party software to help provide underlying functionality. Three separate third-party components (OpenSSL, Apache HTTP Server, SimpleSAMLphp) were found to contain vulnerabilities, and updated versions have been made available by the providers.

Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address the potential impact of these issues in Tenable.sc. Tenable.sc 5.13.0 updates OpenSSL to 1.1.1d, Apache HTTP Server to 2.4.41, and SimpleSAMLphp to 1.17.7 to address the identified vulnerabilities.