Tenable.sc 5.20.0 Release Notes (2022-01-05)

Note: Tenable recommends upgrading to the patch for this release, Tenable.sc Patch 202204.1, which includes a fix for a potential vulnerability. For more information, see the Tenable Product Security Advisory.

You can download the update files from the Tenable.sc Downloads page.

Upgrade Notes

If you are running Tenable.sc 5.12.0 or later, you can upgrade directly to Tenable.sc 5.20.0. If you are running a version earlier than Tenable.sc 5.12.0, upgrade to Tenable.sc 5.12.0 before upgrading to Tenable.sc 5.20.0.

If you are using Internet Explorer 11 on Windows 10 LTSB (build 14393.4104), you may need to add your Tenable.sc installation to the “Trusted Sites” zone in order for the application to load.

If you are running Tenable.sc 5.20.0 and you are using pyTenable with the Tenable.sc API, you must upgrade pyTenable to version 1.4.2 or later.

Tenable recommends performing a backup before upgrading Tenable.sc. For more information, see Perform a Backup in the Tenable.sc User Guide.

Note: This release includes a fix for a potential vulnerability. For more information, see the Tenable Product Security Advisory.

Note: If your upgrade path skips versions of Tenable.sc (e.g., upgrading from 5.9.0 to 5.12.0 to 5.20.0), Tenable recommends reviewing the release notes for all skipped versions. You may need to update your configurations because of features and functionality added in skipped versions.

New Features

Asset Host View

Added a Host View table where you can see details about the asset, associated findings (vulnerabilities), and the associated software inventory.

For more information, see View Hosts in the Tenable.sc User Guide.

Asset Criticality Rating (ACR)

Added in automatic calculation of Asset Criticality Rating (ACR) to be used as part of a Risk Based Approach to Vulnerability Management. Automatic ACR calculation can also be overridden to reflect the most accurate picture of each of your Assets criticality to your environment. ACR can be used throughout Tenable.sc. Note this feature requires a Tenable.sc+ license.

Note: As part of the initial ACR score calculation which occurs after the initial Tenable.sc 5.20.0 installation or upgrade, you must re-scan each host to ensure that Tenable.sc has the data required to calculate an ACR score. Until that re-scan has been completed, some hosts may not have an ACR score assigned.

For more information, see View Lumin Metrics in the Tenable.sc User Guide.

UI Improvements

To give our users a more updated and consistent experience across Tenable products, we have made the following enhancements:

  • Single button to refresh all dashboard components

  • Dashboard enhancements and modernization

  • Tab modernization throughout Tenable.sc

  • Enhanced template creation experience

  • Enhanced filter experience

  • Dark mode severity colors update to align with light mode color scheme

Manage Nessus Scanners in Tenable.sc

Added the ability to manage the Nessus scanners directly in the Tenable.sc UI.

For more information, see Picture in Picture in the Tenable.sc User Guide.

Backup and Restore Tenable.sc Configuration Data

Added the ability to backup and restore Tenable.sc configuration data.

For more information, see Configuration Backups in the Tenable.sc User Guide.

Advanced Agent Scan Policy

Added support for adding an Advanced Agent Scan Policy directly in Tenable.sc.

For more information, see Agent Scans in the Tenable.sc User Guide.

Tenable.sc File Integrity Check

Added the ability to check the integrity of critical Tenable.sc files.

For more information, see Diagnostics Settings in the Tenable.sc User Guide.

Enhanced Diagnostics

Added additional output items to the diagnostics capability of Tenable.sc.

For more information, see Diagnostics File Options in the Tenable.sc User Guide.

Updated Third Party Integrations

The following integrations have been enhanced:

  • Tenable.sc now works with the CyberArk 2.0 APIs

  • Tenable.sc now allows for credential support when assessing MongoDB

For more information, see SSH Credentials, Windows Credentials, and Database Credentials in the Tenable.sc User Guide.

Changed Functionality and Performance Enhancements

Display Name in Plugin 19506

Tenable.sc now shows the scan name in Plugin 19506.

Deprecated Shibboleth 1.3

Tenable.sc no longer supports Shibboleth 1.3. Shibboleth 2.0 continues to be supported.

Deprecated Scan Policy Templates

Tenable.sc 5.20.0 no longer supports the following scan policy templates:

  • Badlock detection

  • Bash Shellshock detection

  • DROWN detection

  • Shadow Brokers Scan

You cannot create a new scan policy using a deprecated template using the Tenable.sc UI or API. If you have an existing scan policy using one of these deprecated templates, you can continue to view, edit, and use the templates in scans.

Security Updates

  • Removed the SecurityCenter Version header from all Tenable.sc API calls to prevent unauthorized users from determining the currently running Tenable.sc version.

Bug Fixes

Bug Fix Defect ID
Fixed an issue where upgrading to Tenable.sc 5.19 resulted in a database backup error. 01243705
Corrected an issue where the Plugin Timestamp was displaying incorrectly. 01289970
Corrected an issue when selecting an invalid interval on the scheduling API caused a job daemon to crash. 01276243
Fixed a discrepancy when using filtering in asset lists. 01263324
Fixed an issue where Invalid Scan Zones was reported after re-adding a scanner. 01260386
Corrected an issue where the % usage of repository size was showing incorrectly. 01274320
Corrected an issue syncing Dynamic Assets to Tenable.io Tags when the Tenable.io Networks feature is disabled. 01251591
Corrected an issue where the status of NNM scanners initially displays incorrectly in the Options -> Update Status screen. 01267931
Corrected an issue in Tenable.sc Director which resulted in a Fingerprint Mismatch or Protocol Error. 01266404
Corrected a Remote Repository sync issue that occurred in rare instances under certain conditions. 01246158
Fixed an issue leading to query errors in the Vulnerability Analysis drill downs when a selected filter returned no matches. 01194875
Corrected an issue that was causing an internal port range error on the Internal PCI Audit Template. 01248527
Fixed an issue where other installations could no longer set up remote agent repositories against the current one. 01252376
Corrected an issue where under certain circumstances a regular user could view the User page. 01252321
Resolved an issue when building an SCAP results file against a large number of hosts. 01246830
Corrected a display issue when rendering a large amount of reports in the Report Results page. 01248675
Corrected an issue where a report would not generate correctly under certain circumstances. 01245189
Resolved an issue where the Output Asset Filter was removed when browsing Dashboard Component Data. 01220853
Corrected an issue where filtering by tags on the Assets page would lead to an error. 01241243
Aligned the list of ignored plugins qualifying assets against the Tenable.sc license with that of Tenable.io. 01219651
Corrected an issue when filters on the Vulnerability Analysis page would incorrectly be removed upon clearing values. 01220587
Correct a rare issue where asset information incorrectly displayed information from a different asset. 01219813
Corrected a formatting issue when creating a PDF that contained certain special characters. 01193789
A version check has been added so that the Tenable.sc RPM can't be installed on the wrong OS version. An error message will be shown and the installation will stop if the user attempts to install on the wrong OS version. N/A
Corrected an issue with Airwatch integration. 01123262
Deprecated "Network Type" has been removed from scan policy creation options. 01088164
Added optimizations when editing and deleting application-level Credentials, Audit Files, and Scan Policies to improve performance. 00711536
Corrected an issue where under certain circumstances Remediation Scans would error out. 00635591
Corrected a parsing issue in reports for the <> symbols. 00512200

Known Issues

  • LCE Archived Silos cannot be selected in the Tenable.sc UI

API Changelog

For more information about the API changes for this release, see the Tenable.sc API Changelog.

Filenames and Checksums

Filenames and MD5 or SHA-256 checksums are located on the Tenable.sc Downloads page.

Tenable Integrated Product Compatibility

The following table lists the Tenable product versions tested with Tenable.sc 5.20.0.

For information about EOL dates and policies for Tenable products, see the Tenable Software Release Lifecycle Matrix and Policy.

Product Tested Version
Nessus

8.9.0 and later

Tenable.ot 3.9.25 and later
Log Correlation Engine 6.0.0 and later
Nessus Network Monitor 5.11.0 and later