Tenable.sc 5.19.0 Release Notes (2021-07-22)

Note: Tenable recommends upgrading to the patches for this release, Tenable.sc Patch 202109.1 and Tenable.sc Patch 202110.1, which include fixes for potential vulnerabilities. For more information, see the Tenable Product Security Advisory.

You can download the update files from the Tenable.sc Downloads page.

Upgrade Notes

If you are running Tenable.sc 5.9.0 or later, you can upgrade directly to Tenable.sc 5.19.0. If you are running a version earlier than Tenable.sc 5.9.0, upgrade to Tenable.sc 5.9.0 before upgrading to Tenable.sc 5.19.0.

If you are using Internet Explorer 11 on Windows 10 LTSB (build 14393.4104), you may need to add your Tenable.sc installation to the “Trusted Sites” zone in order for the application to load.

Tenable recommends performing a backup before upgrading Tenable.sc. For more information, see Perform a Backup in the Tenable.sc User Guide.

Note: This release includes a fix for a potential vulnerability. For more information, see the Tenable Product Security Advisory.

Note: If your upgrade path skips versions of Tenable.sc (e.g., upgrading from 5.6.2.1 to 5.9.0 to 5.19.0), Tenable recommends reviewing the release notes for all skipped versions. You may need to update your configurations because of features and functionality added in skipped versions.

New Features

Dark Mode

Added the ability to view Tenable.sc in dark mode.

For more information, see User Accounts in the Tenable.sc User Guide.

Increased Repository Size

Upgraded the maximum repository size from 32GB to 64GB and added the ability to view repository capacity.

For more information, see Repositories in the Tenable.sc User Guide.

Write-Ahead Logging (WAL) Mode

Added the ability to enable write-ahead logging to reduce issues with database locks.

For more information, see Tenable.sc Database Journaling Modes in the Tenable.sc User Guide.

Tenable.sc-Lumin Synchronization Support for Overlapping IP Addresses

Added the ability to synchronize Tenable.sc repositories to individual networks in Tenable.io instead of synchronizing all repositories to the default Tenable.io network.

For more information, see Lumin Synchronization in the Tenable.sc User Guide.

Tenable.sc Director License Allocation Dashboard Widget

Added a widget to the Tenable.sc Director Insights dashboard that shows license usage across multiple Tenable.sc instances.

For more information, see Insights Dashboard in the Tenable.sc Director User Guide.

View System Logs for Managed Tenable.sc Instances

Added the ability to view all managed Tenable.sc instance system logs from a centralized Tenable.sc Director.

For more information, see System Logs in the Tenable.sc Director User Guide.

UI Improvements

To give our users a more updated and consistent experience across Tenable products we have made the following changes:

  • Improved appearance of Tenable.sc buttons, filters, and other elements in some areas of the UI, including dashboards, vulnerability analysis, user roles, and reports.

  • Updated the colors for severity messages.

    [Image: comparison of old and new severity warning colors]

Generic SSH Compliance Checks

Added the ability to perform generic SSH checks regardless of underlying platform.

For more information about compliance scan policy options, see Compliance Options in the Tenable.sc User Guide.

ZTE Plugin Support

Added the option for ZTE Plugin for audits.

For more information about compliance scan policy options, see Compliance Options in the Tenable.sc User Guide.

Changed Functionality and Performance Enhancements

  • Removed support for RTF reports in Tenable.sc. Existing RTF report jobs will be automatically converted to PDF. Existing RTF reports will be preserved.

  • Because Shibboleth 1.3 SSO has reached end of life, Tenable.sc has added a message to warn users that Shibboleth 1.3 will no longer be supported with the next release.

    Note: To avoid future upgrade errors, Tenable recommends updating to Shibboleth 2.0.

  • Added support for privilege escalation for Arcon SSH credentials.

  • Upgraded to PHP 7.4

Bug Fixes

Bug Fix Defect ID
Fixed count in the List OS view. The count in the List OS view is different than when you drill down on an entry and check the total results. Some of the counts were correct but others were not. 00572284
Fixed a permission issue relating to a failed check for DISA Red Hat Linux 6 STIG Version 1 Release 18. 00592555
Fixed an issue whereby vulns do not mitigate on certain ports for agent scans as well as active scans. Also, understanding of "default" ports and "all" ports now fits with that of Nessus. N/A
Resolved a "Max Sessions Error Occurring" in rare situations where session counts weren't tracked correctly. 00689916
Fixed an issue where dashboard components on the same schedule did not always line up visually. (e.g. Matrix columns, in particular) 00692279
Security Managers will be able to see notifications for feed updates that they initiated 00702290
Resolved a divide by zero error in a metric that can occur in a custom report. 00709655
Fixed information missing in report after renaming. 00778031
Fixed job errors related to an already deleted report 00772175
Resolved an issue with accuracy in Scan results 00801204
Scans will now show a status message "Import Pending" when the scan has completed, but the import has not yet started. 00869302
Fixed issue in Vulnerability Analysis where "Name" sort sorts by Plugin ID incorrectly 00977750
Fixed an issue where, when creating a report, the cumulative data setting is ignored 00999725
Fixed issues where agent-sync scan in Tenable.sc returns incorrect count when previewing and importing 00990365

The reported error message has been modified to reflect that it is not related to Session Management. This will now report "Your Tenable.sc session token is invalid or has expired. Please login and try again." Customers who see the original error frequently may continue to see it due to connectivity, storage, or other such limitations. 01021135
Fixed an issue when set to more than 120 days, scan results show in the "Scan Results" tab. But then the screen is stuck there, unable to navigate to a screen such as "Active Scans." 01026145
When editing a policy, toggling a preference that causes other preferences to become hidden will reset those preferences to their default value in the saved policy definition. 01044449
Fixed a database issue encountering malformed database disk image in jobqueue.db 01045650
Fixed "Validation failure" while generating a CSV or PDF from scan results 01059340
Fixed reports generating with an odd separation between IP and results 01068033
When a user created a CSV report, the code processed the plugin output data incorrectly, splitting the data within the plugin output in such a way that other fields were corrupted and the CSV file contained jumbled data. The code was modified to not split the plugin output data, resulting in a correctly formatted CSV file. 01116654
Fixed maximum character limit for CVE-ID query parameter that caused report to fail 01130071
Fixed an issue where exported policies from a simplified Chinese locale Tenable.sc lose settings detail. 01139041
Resolved an issue where an upgrade of Tenable.sc could incorrectly fail with an insufficient disk space error. 01147796
Resolved an issue where all plugin types were not displaying in dashboard. 01149389
Code was added to nightly cleanup that handles stale schedule objects such that if the owner of a schedule object has been deleted, the schedule object is removed from the schedule. 00679875
Fixed a cross-reference filter that returns no results against remote repositories. 01154865
Removed the call to rm.js as that file no longer exists. 01158192
Resolved an error where a linked user account was unable to view system logs 01159707
Fixed a bug where VPR scores were getting lost for plugins. A Tenable.sc feed update adds the VPR scores and context for plugins. A plugin update after that (active or passive) was clearing the VPR score (not the VPR context). The plugin update code was modified (for both active and passive plugins) so that the VPR scores are maintained. 01158300
Addressed rare interaction between simultaneous Tenable.sc scans. 01162312
Fixed an issue with audit files not being able to be utilized in ASR reports. 01163544
Fixed API documentation error regarding parameters sent to dnsName. 01167364
Fixed an issue where a user was unable to import scan into Tenable.sc, in spite of repository covering the IP range of all targets included in the scan 01173874
Fixed an issue where a terminated user is still showing on reports under the shared section 01148195
Resolved an issue where "/rest/configSection/0" API call was returning empty key/value pair ("features":{"":""}) 01172378
Fixed an issue where the Initiator filter was not applying in the system logs view 01177778
Fixed an issue where plugins including 145071, 146060 & 146948 were not displayed after initial scan in remediation scans or subsequent scans. 01176974, 01171369
Fixed an issue where plugin name was not being displayed in the vulnerability detailed view in dashboards 01174465
Resolved an issue where Accept Risk repo filter was not working. 01177668
Fixed an issue where LDAP integration forced username/password after a Tenable.sc upgrade 01191763
Fixed an issue where "invalid port_range preference" errors would occur under certain conditions. 01192043
Fixed an issue where in rare circumstances a "too many arguments" error would be generated when performing a command line upgrade 01193926
Fixed an issue where under certain circumstances PHP warnings for dns_get_record would write multiple entries to the log 01185071
Resolved an issue under Group Permissions in Add Users where more than 5 groups were not showing with the scrollbar. 01194924
Fixed an issue where if an API user did not log into the Tenable.sc UI the account would lock out after a certain period of time 01196404
Fixed an issue where the Vulnerability Mitigated filter (if selected) would be removed from CSV reports when saving 01192147
Fixed an issue where Remediation scan was showing up incorrectly in the settings when a vulnerability was selected in an Agent repository. N/A
Fixed an issue where authsources-custom.php was not migrated to the updated location after upgrading Tenable.sc 01199001
Fixed an issue of "uncaught type" error message appearing when hovering over the membership group info icon 01196049
Fixed an issue where under certain circumstances a self-signed certificate would fail to generate after upgrading from an older (<5.16) version of Tenable.sc 01197421
Fixed an issue in the Scanners screen where the Nessus Scanner Version column was not sorting correctly 01199316
Fixed an issue introduced in Tenable.sc 5.18 where the Output Assets filter was not working correctly 01202395
Fixed an issue where under certain circumstances attempting to view the version of Java using the command line would return an error 01201749
Fixed a rare error when scans would not import correctly when using a sequence of characters preceding a '\' 01188621
Fixed an issue with error handling when sending an incorrectly formatted SAML request 01199951
Fixed a display issue with the "Load Query" dialog box appearing off screen 01209052
Fixed an issue where under certain circumstances filter pop-up windows would not display correctly on the Vulnerability Analysis screen 01200001
Resolved an issue where the IP address is overwriting after uploading both the .nessus files in one repository with "Scan Virtual hosts" ON 01210833

API Changelog

For more information about the API changes for this release, see the Tenable.sc API Changelog.

Filenames and Checksums

Filenames and MD5 or SHA-256 checksums are located on the Tenable.sc Downloads page.

Tenable Integrated Product Compatibility

The following table lists the Tenable product versions tested with Tenable.sc 5.19.0.

For information about EOL dates and policies for Tenable products, see the Tenable Software Release Lifecycle Matrix and Policy.

Product Tested Version
Nessus 8.5.1 and later

Tenable.ot 3.4.9 and later
Log Correlation Engine 6.0.0 and later
Nessus Network Monitor 5.9.0 and later