Tenable.sc 5.14.1 Release Notes (2020-04-20)

Tip: Tenable rebranded SecurityCenter as Tenable.sc. For more information, see the announcement.

Tenable.sc 5.14.1 is a replacement for Tenable.sc 5.14.0 to resolve an issue during upgrade and an issue on the Lumin Status page. After reviewing the Upgrade Notes, you can download the update files from the Tenable.sc Downloads page.

This release addresses multiple third-party vulnerabilities. For more information, see the Security Advisory.

Upgrade Notes

This release fixes a migration issue that appeared in the Tenable.sc 5.14.0 release related to an SQL unique ID constraint. You can upgrade to Tenable.sc 5.14.1 following the normal process if you successfully upgraded to Tenable.sc 5.14.0 or if you never attempted to upgrade to Tenable.sc 5.14.0.

If you attempted to upgrade to Tenable.sc 5.14.0 but you received error messages of any kind (for example, an error message that included ....SQL-STATE[HY000]: General error: 1 no such column:...), contact Tenable Support for assistance upgrading to Tenable.sc 5.14.1.

Upgrade Path

If you are running version Tenable.sc 5.6.2.1 or later, you can upgrade directly to version 5.14.1. If you are running a version earlier than 5.6.2.1, upgrade to version 5.6.2.1 before upgrading to version 5.14.1.

Note: If your upgrade path skips versions of Tenable.sc (e.g., upgrading from 5.6.2.1 to 5.14.1), Tenable recommends reviewing the release notes for all skipped versions. You may need to update your configurations because of features and functionality added in skipped versions.

New Features

Hashicorp Vault PAM Integration

Added support for the use of Hashicorp Vault PAM SSH, Windows, and database credentials in active scans.

For more information, see SSH Credentials, Windows Credentials, and Database Credentials Authentication Method Settings in the Tenable.sc User Guide.

Arcon PAM Integration

Added support for the use of Arcon PAM SSH and Windows credentials in active scans.

For more information, see SSH Credentials and Windows Credentials in the Tenable.sc User Guide.

SAML Metadata Import

Admin users can now upload their identity provider metadata into Tenable.sc’s SAML configuration instead of manually entering the details.

For more information, see Configure SAML Authentication Automatically via the Tenable.sc Interface in the Tenable.sc User Guide.

Performance Improvements

Improved performance for the following processes: asset import and preparation, queries, and repository snapshots.

Tenable.sc to Lumin Connector

Tenable.sc now supports dynamic assets tags in addition to static asset tags.

An automatic sync feature has been added for asset tags. When asset tag information is updated in Tenable.sc, the new version automatically syncs to Lumin once per day.

For more information, see Configure Lumin Synchronization in the Tenable.sc User Guide.

The new Lumin Data feature displays the latest values for Cyber Exposure Score, Assessment Maturity Grade, and other log details of the transfer of data to Lumin. This will help the user know when sync data has been completed and help monitor changes in Lumin metrics.

For more information, see Lumin Data in the Tenable.sc User Guide.

Bug Fixes

Bug Fix Defect ID
Tenable.sc 5.14.0 upgrade bug when two or more scanners had the same name. N/A
Resolved an issue in displaying metrics on the Lumin Status page when configured with a proxy. This did not impact synchronization functionality. N/A
Resolved an issue when viewing Recast Rules, where filtered state wasn't preserved when using the back-button 444720
Resolved an issue that displayed from deleted users as "Administrator", and prevented the user from being able to resolve or close them 461859
Resolved an issue where dashboards were unnecessarily re-evaluated after editing the tab layout 798659
Resolved an issue where an Asset names would occasionally get duplicated in vulnerability analysis filters 604512
Resolved an issue where explicit date filters on the Report Results page did not work as expected 622511
Resolved an issue in System Logs where the initiator filters for admins were not working as expected 633191
Resolved an issue where diagnostic scans would log password information when failing under limited scenarios 674476
Resolved an issue where generating a diagnostic debug zip file could error from utilizing too much memory. 714863
Resolved an issue editing scans that targeted Assets that had since been deleted 721349
Resolved a issue with viewing trend data in the Event Analysis page when using some versions of Internet Explorer 734485
Resolved an issue where reports would show break ("<br/>") characters in limited scenarios 747220
Resolved an issue preventing filtering on Agent Repositories in the Accept / Recast Risk pages 749275
Resolved an issue on the plugins page where explicit time filters were not working properly 753436
Resolved an issue where a sort column in a report could not be modified 765963
Resolved an issue where Asset preparation jobs could fail when using specific clause types 766331
Resolved an issue where the usage of offsets in the /analysis/download API did not work as expected N/A
Resolved an issue where Agent Scans could not be modified in some scenarios 797592
Fixed an issue in custom Dashboards where the "Mitigated On" Field was sometimes not properly populated with the correct data. 805401
Resolved an issue where Audit File Template types were duplicated when modifying a Scan Policy 810130
Resolved an issue where some date filters were not working as expected when using the "Send to report" option on a dashboard 828391
Resolved an issue where alert actions assigned to yourself were not working as expected. 875558
Resolved issue in Vulnerability Analysis where asset information for an IP Address was sometimes not displayed correctly 880012
Resolved issue where plugin remediation/solutions for Skype/Lync applications were not working properly 889540
Resolved an issue where users could not be edited after transitioning from authentication type LDAP to Certification. 893631
Resolved an issue when sorting by VPR and using the sumid tool 902748
Resolved an issue where the search feature for Zones while editing Scans was not working as-expected in certain scenarios 909368
Resolved an issue where post-scan reports with special characters in their names did not work properly 908856
Resolved an issue impacting synchronization to Lumin when using a proxy setup. 950960
Resolved an issue that prevented the ability to view agent Assets in some scenarios. 957659
Resolved an issue where the Date column in the System Logs page was improperly appearing as sortable N/A
Resolved an issue where dashboards would sometimes erroneously show extremely large numbers for trending on vulnerability counts. 962583
Resolved an issue where the default display columns in the Vulnerability Analysis page for the IP Summary tool did not include DNS and NetBIOS N/A
Resolved an issue where Alert "Actions" were not marked as a required field on the Alerts page N/A
Resolved an issue where the notification message after adding a custom plugin was displaying as "Undefined Added Successfully" N/A
Resolved an issue on the Repositories page where the type-sort functionality was not working properly for all repository types N/A
Resolved an issue where proper email addresses did not pass validation in the Distribution section of a Report N/A
Resolved an issue where the Password field was not indicated as mandatory in the UI when editing an Industrial Security Instance N/A
Resolved an issue when sorting by type on the Policies page N/A
Resolved an issue where Feed Updates would continue to show as Updating after they had completed N/A
Resolved an issue where PHP notices were generated in the logs for CSV reports with no display columns N/A
Resolved an issue where the log would note an invalid error after adding or updating a license / activation code N/A
Resolved an issue where the title of the Solutions page was displaying the non-descriptive title: "Tenable.sc" N/A
Resolved an issue where Alerts improperly allowed all Actions to be removed on edit N/A
Resolved an issue where a misleading error would appear in the logs after attempting to add an invalid activation code on the License Configuration page N/A
Resolved an issue where a job didn't effectively terminate, and could theoretically grow over time. N/A
Resolved issue where the notification message on dashboard delete would display as: "Dashboard unshared successfully" N/A
Resolved an issue where PHP notices would appear in the logs after an Active Plugin update N/A
Resolved an issue where the drilldown of certain matrix cells with default clauses would improperly navigate to the Vulnerability Summary page, instead of the Vulnerability List page N/A
Resolved an issue where PHP warnings (relating to "runScore") could appear in the logs when syncing data to Lumin N/A
Resolves an issue that impacted ServiceNow integration functionality. This is the same issue resolved in the "Tenable.sc 5.13.0 ServiceNow Patch" N/A
Resolved an issue where the Debug Options toggles would not show as disabled while downloading logs for a Nessus Scanner N/A
Reduced the severity of VPR Plugin update log messages to more accurately reflect meaning N/A

API Changelog

For more information about the API changes for this release, see the Tenable.sc API Changelog.

Filenames and Checksums

Filenames and MD5 or SHA-256 checksums are located on the Tenable.sc Downloads page.

Tenable Integrated Product Compatibility

The following table lists the Tenable product versions tested with Tenable.sc 5.14.1:

Product Tested Version
Nessus

8.5.1 and later

Log Correlation Engine 5.1.1 and later
Nessus Network Monitor 5.9.0 and later
Industrial Security 1.4.0 and later
Tenable.ot 3.4.9 and later