[R2] Stand-alone Security Patches Available for Tenable Security Center versions 6.5.1, 6.6.0 and 6.7.2: SC-202602.1 + SC-202602.2 Arnie Cabral
Security Center leverages third-party software to help provide underlying functionality. Several of the third-party components (Apache, PHP, libcurl) were found to contain vulnerabilities, and updated versions have been made available by the providers.
Out of caution and in line with best practice, Tenable has opted to upgrade these components to address the potential impact of the issues. Security Center Patch SC-202602.1 updates Apache to version 2.4.66, PHP to version 8.2.30, and libcurl to version 8.18.0 to address the identified vulnerabilities.
Additionally, an externally reported vulnerability was fixed and a separate patch has been made available, Patch SC-202602.2.
- A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted.
