Tenable.sc 5.18.0 Release Notes (2021-04-01)

Note: Tenable recommends upgrading to the patches for this release, Tenable.sc Patch 202108.1, Tenable.sc Patch 202109.1, Tenable.sc Patch 202110.1, and Tenable.sc Patch 202201.1, which include fixes for potential vulnerabilities. For more information, see the Tenable Product Security Advisory.

Note: This release includes a fix for a potential vulnerability. For more information, see the Tenable Product Security Advisory.

Note: This release includes fixes from Tenable.sc Patch 202103.1.

You can download the update files from the Tenable.sc Downloads page.

Upgrade Notes

If you are running Tenable.sc 5.9.0 or later, you can upgrade directly to Tenable.sc 5.18.0. If you are running a version earlier than Tenable.sc 5.9.0, upgrade to Tenable.sc 5.9.0 before upgrading to Tenable.sc 5.18.0.

If you are using Internet Explorer 11 on Windows 10 LTSB (build 14393.4104), you may need to add your Tenable.sc installation to the “Trusted Sites” zone in order for the application to load.

Tenable recommends performing a backup before upgrading Tenable.sc. For more information, see Perform a Backup in the Tenable.sc User Guide.

This release includes an upgrade to OpenSSL 1.1.1k. This resolves two issues found in the open source libraries, CVE-2021-3450 and CVE-2021-3449. Both issues were rated High.

Note: If your upgrade path skips versions of Tenable.sc (e.g., upgrading from 5.9.0 to 5.18.0), Tenable recommends reviewing the release notes for all skipped versions. You may need to update your configurations because of features and functionality added in skipped versions.

Note: On April 30, 2021, Nessus versions 8.5.1 and earlier (including Nessus Professional and managed scanners) will reach End of Standard Support. On May 1, 2021, scanners running Nessus versions 8.5.1 and earlier will still be able to run scans, but they will not receive plugin updates.

If you upgrade to Tenable.sc 5.18.0:

  • Managed scanners running Nessus versions 8.5.2 or later will continue to receive plugin updates and perform scans as usual.

  • Managed scanners running Nessus versions 8.5.1 and earlier will no longer be able to perform scans. All scanners will need to be upgraded to Nessus version 8.5.2 or later.

For more information, see the knowledge base article.
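The upgrade-path rule and the Nessus scanner cutoff described above can be checked together before the upgrade. The following is an added example, not Tenable code; the scanner inventory is constructed sample data, and how you export the real list from your deployment is outside what this sketch assumes.

```python
import re

# Thresholds taken from the upgrade notes on this page.
SC_TARGET = (5, 18, 0)
SC_DIRECT_MIN = (5, 9, 0)   # 5.9.0 or later can upgrade directly
NESSUS_MIN = (8, 5, 2)      # 8.5.2 or later keeps scanning after the upgrade

_VERSION_RE = re.compile(r"^\d+(\.\d+){1,3}$")

def parse_version(text):
    """Turn '8.5.10' into (8, 5, 10) so comparison is numeric, not lexical."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (3 - len(parts))  # pad '8.5' to (8, 5, 0)

def upgrade_path(current_sc):
    """Return the ordered Tenable.sc versions to install to reach 5.18.0."""
    cur = parse_version(current_sc)
    if cur >= SC_TARGET:
        return []
    if cur >= SC_DIRECT_MIN:
        return ["5.18.0"]
    return ["5.9.0", "5.18.0"]

def scanners_blocking_upgrade(inventory):
    """List (name, version) pairs that would stop scanning under 5.18.0."""
    blocked = []
    for name, version in inventory:
        try:
            if parse_version(version) < NESSUS_MIN:
                blocked.append((name, version))
        except ValueError:
            # Unknown or malformed version: treat as not ready, review by hand.
            blocked.append((name, version))
    return blocked

# Constructed sample inventory (hypothetical scanner names).
SAMPLE_INVENTORY = [
    ("scanner-dmz", "8.5.1"),
    ("scanner-core", "8.5.10"),   # newer than 8.5.2, despite sorting lower as text
    ("scanner-lab", "8.4.0"),
    ("scanner-cloud", "8.13.1"),
    ("scanner-old", "unknown"),
]

if __name__ == "__main__":
    print("Upgrade path from 5.8.0:", upgrade_path("5.8.0"))
    for name, version in scanners_blocking_upgrade(SAMPLE_INVENTORY):
        print(f"Upgrade Nessus first: {name} ({version})")
```

Versions are compared as integer tuples because a plain string comparison would rank 8.5.10 below 8.5.2 and wrongly flag a supported scanner.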

Note: As part of an ongoing diversity and inclusion effort, Tenable is updating language to align with industry standards for inclusive language. Tenable.sc 5.18.0 will support both the Blackout Window and Freeze Window API. In Tenable.sc 5.19.0, the Blackout Window API call will be deprecated and Tenable.sc will support only the Freeze Window API. The functionality of the API will remain the same.

New Features

Nessus Scanner and Scan Zone Management in Tenable.sc Director

Added the ability for Tenable.sc Director administrators to add, edit, and delete Nessus scanners and scan zones on managed Tenable.sc instances.

For more information, see Nessus Scanners and Scan Zones in the Tenable.sc Director User Guide.

LDAP User Provisioning

Added the ability to automatically create LDAP-authenticated users in Tenable.sc by importing user account attributes from your Microsoft Active Directory. When user provisioning is enabled, users who log into your Active Directory are automatically created in Tenable.sc. Active Directory user passwords are never stored in Tenable.sc.

This feature has been tested with Microsoft Server 2016 Active Directory on-premises and Microsoft Server 2019 Active Directory on-premises (not Azure Active Directory).

For more information, see LDAP User Provisioning in the Tenable.sc User Guide.

Data Expiration at Repository Level

Added the ability to set data expiration at a repository level. There will no longer be a global setting for data expiration. When upgrading to Tenable.sc 5.18.0, repositories inherit the data expiration settings based on your previous global settings.

For more information, see Agent Repositories and IPv4/IPv6 Repositories in the Tenable.sc User Guide.

New Export Option for Solution Details

Added the ability to export the fields on the Solution Details page as a .csv file.

For more information, see Export Hosts Affected by a Solution in the Tenable.sc User Guide.

Changed Functionality and Performance Enhancements

  • When you export vulnerabilities as a .csv file, the column labeled "Plugin Text" has been changed to "Plugin Output."

  • The minimum required version for Java has been updated from Java 1.4 to Java 1.8.

Bug Fixes

Bug Fix Defect ID
Added logic to roll back any changes made in connection with LCE data updates should there be an error. 1086533
Fixed a bug in trend lines where data imported close to the snapshot time was not being included in the numbers for each day when using the "First Observed" and "Last Observed" filters. 1122068
Fixed a bug where sorting was not being preserved on list views when moving back and forth on different pages. 586959
Fixed a bug with PDF reports generating incorrect values for the iterator when Tenable.sc finds multiple assets assigned with the same UUID. 1115183
Fixed a bug within the Vulnerability Analysis view where the value that was being preserved for sorting was a column that does not exist for the tool.  
Fixed a memory allocation error in the list software tool that somewhat infrequently caused the tool to crash.  
Fixed a defect in Scan Results where users may have seen "No Values" as options for the Group filter on slower connections. 785460
When a user signs in and there is an unassigned certificate available, the user will be presented with a new dialogue. If the user selects "Yes", the certificate will be assigned to that user and they will be logged in immediately, skipping the "Change Password" dialogue if that option was set for the user. 1019727
Resolved an issue where a Class A or B or C summary in Vulnerability Analysis could not properly export IP addresses into a CSV Report. 1153755
Resolved an issue where Internet Explorer 11 did not properly render fonts when using Tenable.sc. 951822
Resolved an issue where the drill down of certain matrix cells with default clauses would improperly navigate to the Vulnerability Summary page, instead of the Vulnerability List page. 1110694
Resolved an issue where, in exceedingly rare cases, the Job Daemon could crash when it failed to read the Application database. 1172455
Tenable.sc customers on CentOS 8 with SELinux enforcing who are using LCE need to allow rsync to run ssh by changing the rsync_client value: setsebool -P rsync_client 1  
Scanners and Groups with the same name will be renamed as duplicates to ensure these tables have unique naming in the future.  
Tenable.sc now validates port scan ranges to ensure they meet the requirements for scans using Tenable.io and Nessus scanners. Invalid ranges will now cause errors at scan time in Tenable.sc instead of on the scanners mid-scan. 830350
The code has been modified so that the first user created in an organization (userID == 1) cannot be deleted. 559685
Fixed a problem where Tenable.sc could not log in to a scanner and treated it as failed. At that point Tenable.sc reinjected the chunks from the scanner that went offline. However, Tenable.sc was reinjecting chunks that had already been downloaded and marked as complete. This caused Tenable.sc to scan some of the hosts twice and to stop before all the hosts had been scanned. Tenable.sc now reinjects only chunks that are not completed. 1091012
Objects belonging to one user in a group failed to migrate properly when a user was deleted while their objects were shared to another group. Admin and Organization users can now migrate a user's objects without errors upon that user's deletion. 1091273
Working files created during feed update are deleted after the feed update completes. This resolves a problem in which the files were not deleted, eventually filling the disk. 1090063
Alerts: Emails are not received with the Email action, and an error is logged in the sc-error.log file.  
Find/Update Filters - Shows "undefined" 1157589
If you link the Tenable.io cloud scanner using password only and launch an agent scan with duration set to 1 day, it will throw an error. The message erroneously reported the ID of the Agent Scan being run instead of the ID of the Scanner. 1146658
When migrating from any earlier version of Tenable.sc to Tenable.sc 5.17.0, any existing Database Credentials (that is, those that existed before the migration) will erroneously have their sybase_ase_auth_type field set to "RSA". This field is meant only for Sybase Database credential types, not all Database credential types, so the Credential Validator fails on it. For more information, see the knowledge base article. 1148242
Agent Capable Scanner is not showing up within the Agent Scanner drop down. 1141081
Fixed a Vulnerability Queries segmentation fault that occurs in a rare use case. 1131863
"User's group does not have access to xxxxx Repository" message hovering over repo. 1124963
Analysis View Shows Total, but Page says "No Results Found." 1088995
Fixed an issue with the Query Tool for reports. When you select a Query for a report, the fields in the Definition section are populated based on the query definition. If the user changes one of those fields, the Query field is supposed to be cleared. When you select a Query, and then modify the filters (add a new one, delete one, or edit an existing one), the Query field is cleared. The same thing should happen if the user selects a different Tool. 1105118
Agent Group Name Change Not Reflected in Web UI. 1083510
Fixed the Content-Security-Policy header in the Tenable UI directive to the correct value.  
Fixed a rounding error in the scan completion duration. 1037558
Fixed Trending Repo Date Range Max Limit of 365 During Quick Setup (max limit should be 999). 1028110
Rename "Scan Policy Plugins" Filter on Active Scans/Results Pages to "Scan Policy." 984313
Vulnerability Analysis not clearing filter in UI. 752877
Remove Purge Tickets from Workflow Permissions Role View. 713105
In Vuln Analysis clicking 'IP Summary' from the 'DNS Name Summary' tool links incorrectly to events. 629975

API Changelog

For more information about the API changes for this release, see the Tenable.sc API Changelog.

Filenames and Checksums

Filenames and MD5 or SHA-256 checksums are located on the Tenable.sc Downloads page.

Tenable Integrated Product Compatibility

The following table lists the Tenable product versions tested with Tenable.sc 5.18.0.

For information about EOL dates and policies for Tenable products, see the Tenable Software Release Lifecycle Matrix and Policy.

Product Tested Version

8.5.1 and later

Tenable.ot 3.4.9 and later
Log Correlation Engine 6.0.0 and later
Nessus Network Monitor 5.9.0 and later