March 20, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – APT 32 Ocean Lotus – IOCs
June 4, 2021Rewterz Informative Update – Phishing, Vishing, Baiting, Smishing – What is happening?
June 4, 2021Rewterz Threat Alert – APT 32 Ocean Lotus – IOCs
June 4, 2021Rewterz Informative Update – Phishing, Vishing, Baiting, Smishing – What is happening?
June 4, 2021
Severity
High
Analysis Summary
CVE-2020-11023, CVE-2020-11022, CVE-2021-23840, CVE-2021-3449, CVE-2020-1971, CVE-2020-1967, CVE-2019-1551
Tenable Log Correlation Engine leverages third-party software to help provide underlying functionality. Two separate third-party components (OpenSSL, jQuery) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled OpenSSL and jQuery components to address the potential impact of these issues.
Impact
- Unauthorized Access
Affected Vendors
Tenable
Affected Products
- Log Correlation Engine 6.0.8 and earlier
Remediation
Tenable has released Log Correlation Engine 6.0.9 to address these issues.
The installation files can be obtained from the Tenable Downloads Portal. (https://www.tenable.com/downloads/log-correlation-engine).