Note: Tenable recommends upgrading to the patches for this release, Tenable.sc Patch 202108.1, Tenable.sc Patch 202109.1, Tenable.sc Patch 202110.1, and Tenable.sc Patch 202201.1, which include fixes for potential vulnerabilities. For more information, see the Tenable Product Security Advisory.
Note: This release includes a fix for a potential vulnerability. For more information, see the Tenable Product Security Advisory.
Note: This release includes fixes from Tenable.sc Patch 202103.1.
You can download the update files from the Tenable.sc Downloads page.
If you are running Tenable.sc 5.9.0 or later, you can upgrade directly to Tenable.sc 5.18.0. If you are running a version earlier than Tenable.sc 5.9.0, upgrade to Tenable.sc 5.9.0 before upgrading to Tenable.sc 5.18.0.
If you are using Internet Explorer 11 on Windows 10 LTSB (build 14393.4104), you may need to add your Tenable.sc installation to the “Trusted Sites” zone in order for the application to load.
Tenable recommends performing a backup before upgrading Tenable.sc. For more information, see Perform a Backup in the Tenable.sc User Guide.
Note: If your upgrade path skips versions of Tenable.sc (e.g., upgrading from 18.104.22.168 to 5.9.0 to 5.18.0), Tenable recommends reviewing the release notes for all skipped versions. You may need to update your configurations because of features and functionality added in skipped versions.
Note: On April 30, 2021, Nessus versions 8.5.1 and earlier (including Nessus Professional and managed scanners) will reach End of Standard Support. On May 1, 2021, scanners running Nessus versions 8.5.1 and earlier will still be able to run scans, but they will not receive plugin updates.
If you upgrade to Tenable.sc 5.18.0:
Managed scanners running Nessus versions 8.5.2 or later will continue to receive plugin updates and perform scans as usual.
Managed scanners running Nessus versions 8.5.1 and earlier will no longer be able to perform scans. All scanners will need to be upgraded to Nessus version 8.5.2 or later.
For more information, see the knowledge base article.
Note: As part of an ongoing diversity and inclusion effort, Tenable is updating language to align with industry standards for inclusive language. Tenable.sc 5.18.0 will support both the Blackout Window and Freeze Window API. In Tenable.sc 5.19.0, the Blackout Window API call will be deprecated and will only support the Freeze Window API. The functionality of the API will remain the same.
Nessus Scanner and Scan Zone Management in Tenable.sc Director
Added the ability for Tenable.sc Director administrators to add, edit, and delete Nessus scanners and scan zones on managed Tenable.sc instances.
LDAP User Provisioning
Added the ability to automatically create LDAP-authenticated users in Tenable.sc by importing user account attributes from your Microsoft Active Directory. When user provisioning is enabled, users who log into your Active Directory are automatically created in Tenable.sc. Active Directory user passwords are never stored in Tenable.sc.
This feature has been tested with Microsoft Server 2016 Active Directory on-premises and Microsoft Server 2019 Active Directory on-premises (not Azure Active Directory).
For more information, see LDAP User Provisioning in the Tenable.sc User Guide.
Data Expiration at Repository Level
Added the ability to set data expiration at a repository level. There will no longer be a global setting for data expiration. When upgrading to Tenable.sc 5.18.0, repositories inherit the data expiration settings based on your previous global settings.
New Export Option for Solution Details
Added the ability to export the fields on the Solution Details page as a .csv file.
For more information, see Export Hosts Affected by a Solution in the Tenable.sc User Guide.
Changed Functionality and Performance Enhancements
When you export vulnerabilities as a .csv file, the column labeled "Plugin Text" has been changed to "Plugin Output."
The minimum required version for Java has been updated from Java 1.4 to Java 1.8.
|Bug Fix||Defect ID|
|Added logic to roll back any changes made in connection with LCE data updates should there be an error.||1086533|
|Fixed a bug in trend lines where data imported close to the snapshot time was not being included in the numbers for each day when using the "First Observed" and "Last Observed" filters.||1122068|
|Fixed a bug where sorting was not being preserved on list views when moving back and forth on different pages.||586959|
|Fixed a bug with PDF reports generating incorrect values for the iterator when Tenable.sc finds multiple assets assigned with the same UUID.||1115183|
|Fixed a bug within the Vulnerability Analysis view where the value that was being preserved for sorting is a column that does not exist for the tool.|
|Fixed a memory allocation error in the list software tool that somewhat infrequently causes the tool to crash.|
|Fixes a defect in Scan Results where user may have seen "No Values" as options for Group filter on slower connections.||785460|
|When a user signs in and there is an unassigned certificate available, the user will presented with a new dialogue. If the user selects "Yes", the certificate will assigned to that user and they will be logged in immediately, skipping the "Change Password" dialogue if that option was set for the user.||1019727|
|Resolved an issue where a Class A or B or C summary in Vulnerability Analysis could not properly export IP addresses into a CSV Report.||1153755|
|Resolved an issue where Internet Explorer 11 did not properly render fonts when using Tenable.sc.||951822|
|Resolved an issue where the drill down of certain matrix cells with default clauses would improperly navigate to the Vulnerability Summary page, instead of the Vulnerability List page.||1110694|
|Resolved an issue where exceedingly rare cases the Job Daemon could crash when it fails to read the Application database.||1172455|
|Tenable.sc customers on CentOS 8 with SELinux enforcing who are using LCE need to allow rsync to run ssh by changing the rync_client value: setsebool -P rsync_client 1|
|Scanners and Groups with the same name will be renamed as duplicates to ensure these tables have unique naming in the future.|
|Tenable.sc now validates port scan ranges to ensure they meet the requirements for scans using Tenable.io and Nessus scanners. Invalid ranges will now cause errors at scan time in Tenable.sc instead of on the scanners mid-scan.||830350|
|The code has been modified so that the first user created in an organization (userID == 1) cannot be deleted.||559685|
|Fixed a problem when Tenable.sc couldn't login to a scanner and treated it as failed. At that point Tenable.sc reinjected the chunks from the scanner that went offline. However Tenable.sc was reinjecting chunks that had already been downloaded and marked as complete. This caused Tenable.sc to scan some of the hosts twice and caused Tenable.sc to stop before all the hosts had been scanned. Fixed to only reinject chunks that are not completed.||1091012|
|Objects belonging to one user in a group fails to migrate properly when a User is deleted with their objects being shared to another group. Admin and Organization users can now migrate a user's objects without errors upon that user's deletion.||1091273|
|Working files created during feed update are deleted after the feed update completes. This resolves a problem in which the files were not deleted, eventually filling the disk.||1090063|
|Alerts : Emails are not received with Email action and getting error log in the sc-error.log file|
|Find/Update Filters - Shows "undefined"||1157589|
|If you link the Tenable.io cloud scanner using password only and launch an agent scan with duration set to 1 day it will throw an error. The message erroneously reported the ID of the Agent Scan being ran instead of the ID of the Scanner.||1146658|
|When migrating from any earlier version of Tenable.sc to Tenable.sc 5.17.0, any existing Database Credentials (in that they existed before the migration) will erroneously have their sybase_ase_auth_type field set to "RSA". This field is only meant for Sybase Database credential types and not all Database credential types so the Credential Validator trips up on this. For more information, see the knowledge base article.||1148242|
|Agent Capable Scanner is not showing up within the Agent Scanner drop down.||1141081|
|Fixed a Vulnerability Queries segment fault that occurs in a rare use case.||1131863|
|"User's group does not have access to xxxxx Repository" message hovering over repo.||1124963|
|Analysis View Shows Total, but Page says "No Results Found."||1088995|
|Fixed an issue with the Query Tool for reports. When you select a Query for a report, the fields in the Definition section are populated based on the query definition. If the user changes one of those fields, the Query field is supposed to be cleared. When you select a Query, and then modify the filters (add a new one, delete one, or edit an existing one), the Query field is cleared. The same thing should happen if the user selects a different Tool.||1105118|
|Agent Group Name Change Not Reflected in Web UI.||1083510|
|Fixed the Content-Security-Policy header in the Tenable UI directive to the correct value.|
|Fixed a rounding error in the scan completion duration.||1037558|
|Fixed Trending Repo Date Range Max Limit of 365 During Quick Setup (max limit should be 999).||1028110|
|Rename "Scan Policy Plugins" Filter on Active Scans/Results Pages to "Scan Policy."||984313|
|Vulnerability Analysis not clearing filter in UI.||752877|
|Remove Purge Tickets from Workflow Permissions Role View.||713105|
|In Vuln Analysis clicking 'IP Summary' from the 'DNS Name Summary' tool links incorrectly to events.||629975|
For more information about the API changes for this release, see the Tenable.sc API Changelog.
Filenames and Checksums
Filenames and MD5 or SHA-256 checksums are located on the Tenable.sc Downloads page.
Tenable Integrated Product Compatibility
The following table lists the Tenable product versions tested with Tenable.sc 5.18.0.
8.5.1 and later
|Tenable.ot||3.4.9 and later|
|Log Correlation Engine||6.0.0 and later|
|Nessus Network Monitor||5.9.0 and later|