Tenable.sc 5.23.1 Release Notes (2022-09-15)

You can download the update files from the Tenable.sc Downloads page.

Upgrade Notes

If you are running Tenable.sc 5.12.0 or later, you can upgrade directly to Tenable.sc 5.23.1. If you are running a version earlier than Tenable.sc 5.12.0, upgrade to Tenable.sc 5.12.0 before upgrading to Tenable.sc 5.23.1.

If you are running Tenable.sc 5.23.1 and you are using pyTenable with the Tenable.sc API, you must upgrade pyTenable to version 1.4.2 or later.

If you upgrade Tenable.sc Director, upgrade Tenable.sc for all managed Tenable.sc instances connected to Tenable.sc Director. After upgrading, allow up to 15 minutes for your managed Tenable.sc instances to sync with Tenable.sc Director.

Tenable recommends performing a backup before upgrading Tenable.sc. For more information, see Perform a Backup in the Tenable.sc User Guide.

Note: If your upgrade path skips versions of Tenable.sc (for example, upgrading from 5.9.0 to 5.12.0 to 5.23.1), Tenable recommends reviewing the release notes for all skipped versions. You may need to update your configurations because of features and functionality added in skipped versions.

Note: Tenable.sc 5.21.0 is the last version of Tenable.sc that supports Internet Explorer. For more information about other supported browsers, see Web Browser Requirements in the Tenable.sc User Guide.

New Features

Nutanix Credential Integration

Tenable.sc customers can now perform local, remote, and agent-based scans for their Nutanix AOS/AHV infrastructure.

For more information, see Miscellaneous Credentials in the Tenable.sc User Guide.

Host Assets Export

Tenable.sc customers can now export a list of hosts and their attributes on the Host Assets page.

For more information, see Export Hosts in the Tenable.sc User Guide.

Asset Exposure Score (AES) Filtering

Tenable.sc customers can now filter by AES and AES Severity on vulnerabilities, dashboards, and reports.

For more information, see Vulnerability Analysis Filter Components in the Tenable.sc User Guide.

Changed Functionality and Performance Enhancements

Added commas to numbers with four or more digits to make them easier to read.

Bug Fixes

Bug Fix Defect ID

Fixed a validation issue by adding a range validator to CVSS range input fields. The new validator will not allow users to enter an invalid value.

01450804

There was an issue with the backup/restore config tools related to compliance plugins. The config backup tool was modified to only get rows from the xref table in the plugins.db for distinct rowids. Previously the code was not doing this, resulting in a constraint error when trying to insert the rows on config restore.

01429824

Fixed an issue where Ticket Summary Dashboard components were incorrectly allowing the user to drill down, which led to an error in the UI.

01429302

Fixed an issue that caused an error when updating an existing user role.

01433817

Fix issue where certain Audit Files would not upload due to invalid file type.

01429636

Fixed a synchronization bug in the UI so that the frontend code waits for fetchRole operation to finish before doing any other FE operation.

01433037

Fixed an issue where scan results are inaccurate or getting removed on applying the Completion Time filter. Now when a user applies the Completion Time filter, Tenable.sc returns all completed/finished scan results.

01431449

Fixed an issue where the Last Updated column was not sorting on the actual time of the column.

01429272

Fix missing plugin name when using vulnerability details list tools in a dashboard component.

01420121

Fixed an issue where the defragmentation job for repositories was being launched even in cases where it was not needed, causing other processes to take longer, like the preparation of remote repositories for synchronization.

01412532

An issue has been fixed in which adding an entry using a UUID format for the Hashicorp Vault Type for the Hashicorp Credential failed.

01405361, 01425261

Fixed the issue where system logs were not visible if the browser time zone was ahead of the Tenable.sc server time zone.

01406784

Fixed an issue with user provisioning and Microsoft ADFS.

01360624

Vulnerability mitigation for the port scanner types of plugins - 14272, 14274, 34220 - are now considered to have a port scan of "all" for a particular host if they report any port for a scan for that host. This will now mitigate various ports that were found open in earlier scans that are now fixed, since these types of plugins scan all of the ports.

01374990

After a query has been deleted, users can now view, edit, export, or copy any report that references the deleted query. Now, owners of these reports can also move between groups.

01369194

Fixed a readability issue in the matrix cells by removing the alpha blending, so that it shows the background and text color.

01364070

Fixed an issue where sometimes one to all targets in a scan definition are scanned for, even inside an active Freeze Window.

01306531, 01378779

Role-based access control is now available for host assets. There is a new role, View Host Assets, to allow users to access host assets.

01327019

Fixed issues summing the number of devices in Asset Lists under repository contexts and across all repositories.

01287270

Fixed an issue where if a scanner that Tenable.sc is utilizing for a scan goes down and back up again, the original scan reports/chunks from that scanner are not cleaned up during the scan.

01287134

Known Issues

  • When a new user is created and the new user logs in right away after user creation, dashboards are not immediately populated with data.

  • Switching quickly between LCE pages sometimes causes an error.
  • There is an error when a user drills down into analysis pages, and then clicks the back button in the browser. The workaround is to navigate using the headers in Tenable.sc.

API Changelog

For more information about the API changes for this release, see the Tenable.sc API Changelog.

Filenames and Checksums

Filenames and MD5 or SHA-256 checksums are located on the Tenable.sc Downloads page.

Tenable Integrated Product Compatibility

The following table lists the Tenable product versions tested with Tenable.sc 5.23.1.

For information about EOL dates and policies for Tenable products, see the Tenable Software Release Lifecycle Matrix and Policy.

Product Tested Version
Nessus

8.9.0 and later

Tenable.ot 3.9.25 and later
Log Correlation Engine 6.0.0 and later
Nessus Network Monitor 5.11.0 and later