Deprecation of Existing Vendor Unpatched Vulnerability Plugins
Summary
Tenable is making fundamental improvements to reporting findings for vulnerabilities that do not have a patch available from the vendor (Vendor Unpatched Vulnerabilities). The first step of this process is to deprecate the existing plugins for Vendor Unpatched Vulnerabilities (see the Affected Plugins section for more details). Deprecating existing Vendor Unpatched Vulnerability plugins will allow Tenable to ensure accurate findings and a consistent user experience.
Impact
Customers who have previously opted in to scanning for Vendor Unpatched Vulnerabilities will see findings remediated when these plugins are deprecated.
This change will be transparent to customers who have not added the “Scan for unpatched vulnerabilities (no patched or mitigations available)” setting to their scan policy.
Tenable is targeting release of replacement plugins with greater accuracy in the near term.
Affected Plugins
Tenable will deprecate 1809 Vendor Unpatched Vulnerability plugins (see Tenable’s plugins page for specifics). These plugins belong to the Red Hat Local Security Checks plugin family.
Target Release Date
February 3, 2025
More information about the initial release of Unpatched Vulnerability plugins can be found at https://community.tenable.com/s/feed/0D5WP000006LJCS0A4
2 Replies
- justin_masters (Connect Contributor III)
I'm concerned about these vulnerabilities disappearing. We have a policy that any unsupported or unpatched/unpatchable software be removed from our environment. We can't very well identify them if the alerts about them are disappearing, or automatically being moved to remediated.
Am I misunderstanding what's happening here?
Hi Justin,
Thanks for your question. We will release new, improved plugins covering this set of vulnerabilities very soon. This deprecation step is required to make space for the newly designed plugins. I am confident that the new plugins (which focus on a specific CVE instead of product:package) will provide you with a better view of these vulnerabilities. Please be on the lookout for a new Research Release Highlight covering the details of the new plugins in the coming days.