Tenable Security Center Patch SC-202407.1

We are pleased to announce the availability of patch SC-202407.1 for Tenable Security Center. This important update addresses multiple security vulnerabilities:

• PHP Vulnerabilities: CVE-2024-5458 and CVE-2024-5585
• Apache Vulnerabilities: CVE-2024-24795, CVE-2024-27316, and CVE-2023-38709 (Note: These Apache CVEs are already fixed in version 6.4.0. See Important Notes below)

Affected Versions:

This patch applies to the following Security Center (SC) versions:

• SC 6.4.0
• SC 6.3.0
• SC 6.2.1

Release Notes:

For detailed information about the patch, please refer to the release notes:

• SC 6.4.0 and 6.3.0
• SC 6.2.1

Download:

You can download the patch from the following link: Security Center Downloads

Security Advisories:

For further details on the vulnerabilities, please see the security advisories:

• PHP CVEs Security Advisory
• Apache CVEs Security Advisory (for SC 6.3.0 and 6.2.1)

Important Notes:

• Apache Vulnerability Resolution: Security Center version 6.4.0 already resolves the Apache vulnerability as per TNS-2024-10.
• Patch Severity:
  • 6.4.0: High severity (PHP only)
  • 6.3.0 and 6.2.1: Critical severity (both Apache and PHP)
• Manual Installation Required: This patch requires manual installation and cannot be installed automatically via the Security Center Software Updates feature.
• End of Patches for SC 5.x: No more patches will be produced for SC 5.x; customers are strongly recommended to upgrade to the latest version of Security Center.

Thank you for your attention to this critical update. If you have any questions or need assistance, please reach out to our support team.