[R2] Pivotal Spring Framework HttpInvokerServiceExporter readRemoteInvocation Method Untrusted Java Deserialization - Research Advisory

<!DOCTYPE html>   <html class="no-js html--no-js" lang="en">   <head> <meta charset="utf-8" /> <meta name="description" content="Current installations of Pivotal's Spring Framework suffer from a potential remote code execution (RCE) issue. Depending on how the library is implemented within a product, it may or may not manifest, and authentication may be required. We have confirmed that current integration in commercial vendor products are affected, so this is not academic. The following write-up is based on how one vendor implemented the Spring Framework and became vulnerable, but illustrates how many other products and vendors could be impacted as well. What Is HttpInvokerServiceExporter?" /> <link rel="canonical" href="https://www.tenable.com/security/research/tra-2016-20" /> <meta property="og:site_name" content="Tenable®" /> <meta property="og:type" content="article" /> <meta property="og:url" content="https://www.tenable.com/security/research/tra-2016-20" /> <meta property="og:title" content="[R2] Pivotal Spring Framework HttpInvokerServiceExporter readRemoteInvocation Method Untrusted Java Deserialization" /> <meta property="og:description" content="Current installations of Pivotal's Spring Framework suffer from a potential remote code execution (RCE) issue. Depending on how the library is implemented within a product, it may or may not manifest, and authentication may be required. We have confirmed that current integration in commercial vendor products are affected, so this is not academic. The following write-up is based on how one vendor implemented the Spring Framework and became vulnerable, but illustrates how many other products and vendors could be impacted as well. What Is HttpInvokerServiceExporter?" /> <meta property="og:image:width" content="640" /> <meta property="og:image:height" content="360" /> <meta property="og:updated_time" content="2019-03-08T13:03:24-05:00" /> <meta property="article:published_time" content="2016-07-08T17:44:53-04:00" /> <meta property="article:modified_time" content="2019-03-08T13:03:24-05:00" /> <meta name="twitter:card" content="summary_large_image" /> <meta name="twitter:description" content="Current installations of Pivotal's Spring Framework suffer from a potential remote code execution (RCE) issue. Depending on how the library is implemented within a product, it may or may not manifest, and authentication may be required. We have confirmed that current integration in commercial vendor products are affected, so this is not academic. The following write-up is based on how one vendor implemented the Spring Framework and became vulnerable, but illustrates how many other products and vendors could be impacted as well. What Is HttpInvokerServiceExporter?" /> <meta name="twitter:title" content="[R2] Pivotal Spring Framework HttpInvokerServiceExporter readRemoteInvocation Method Untrusted Java Deserialization" /> <meta name="twitter:creator" content="@tenablesecurity" /> <meta name="twitter:url" content="https://www.tenable.com/security/research/tra-2016-20" /> <meta name="twitter:image:height" content="360" /> <meta name="twitter:image:width" content="640" /> <meta name="MobileOptimized" content="width" /> <meta name="HandheldFriendly" content="true" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="node-type" content="research_advisory" /> <meta name="node-author" content="Jacob Baines" /> <title>[R2] Pivotal Spring Framework HttpInvokerServiceExporter readRemoteInvocation Method Untrusted Java Deserialization - Research Advisory | Tenable®</title> <meta http-equiv="X-UA-Compatible" content="IE=edge, chrome=1"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="author" href="//tenable.com/humans.txt" /> <link rel="apple-touch-icon" sizes="180x180" href="/themes/custom/tenable/images-new/favicons/apple-touch-icon-180x180.png"> <link rel="manifest" href="/themes/custom/tenable/images-new/favicons/manifest.json"> <link rel="icon" href="/themes/custom/tenable/images-new/favicons/tenable-favicon.svg" type="image/svg+xml"> <link rel="icon" href="/themes/custom/tenable/images-new/favicons/favicon.ico" sizes="16x16 32x32 48x48" type="image/x-icon"> <link rel="icon" href="/themes/custom/tenable/images-new/favicons/favicon-16x16.png" sizes="16x16" type="image/png"> <link rel="icon" href="/themes/custom/tenable/images-new/favicons/favicon-32x32.png" sizes="32x32" type="image/png"> <link rel="icon" href="/themes/custom/tenable/images-new/favicons/favicon-48x48.png" sizes="48x48" type="image/png"> <link rel="icon" href="/themes/custom/tenable/images-new/favicons/favicon-96x96.png" sizes="96x96" type="image/png"> <meta name="msapplication-config" content="/themes/custom/tenable/images-new/favicons/browserconfig.xml"> <meta name="theme-color" content="#ffffff">  <meta name="facebook-domain-verification" content="apxupe11lzg5js54amntzhrxb1epj6" /> <link rel="alternate" type="application/rss+xml" title="Tenable Blog" href="https://feeds.feedburner.com/tenable/qaXL" /> <link rel="alternate" type="application/rss+xml" title="Tenable Podcast" href="https://www.tenable.com/podcasts/feed" /> <link rel="alternate" type="application/rss+xml" title="Tenable News" href="https://tenable.com/feed/news" /> <link rel="alternate" type="application/rss+xml" title="Tenable.sc Dashboards" href="https://feeds.feedburner.com/scdashboards" /> <link rel="alternate" type="application/rss+xml" title="Tenable.sc Report Templates" href="https://feeds.feedburner.com/securitycenterreporttemplates" />  <link rel="dns-prefetch" href="//munchkin.marketo.net"> <link rel="dns-prefetch" href="//googletagmanager.com"> <script>(function(){var cL=document.documentElement.classList;cL.remove('html--no-js');cL.add('html--js')})()</script> <link rel="stylesheet" media="all" href="/sites/default/files/css/css_xRYYGEQ95W6DrokKXZIPxY7EMTWDumzXTtXLi1qLSn4.css?delta=0&language=en&theme=tenable&include=eJwrriwuSc3VT0osTtUpSc1LTMpJ1c9JTU9MrtRNLi5GF8pITUxJLdJNy88vSS0CAKZSFo4" /> <link rel="stylesheet" media="all" href="/sites/default/files/css/css_AQFmxAjbhVvq3SBamY626UFQwHa1KpBHpwIHAv3Zsj8.css?delta=1&language=en&theme=tenable&include=eJwrriwuSc3VT0osTtUpSc1LTMpJ1c9JTU9MrtRNLi5GF8pITUxJLdJNy88vSS0CAKZSFo4" />  <script> window.dataLayer = window.dataLayer || []; function gtag() { dataLayer.push(arguments); } gtag("consent", "default", { ad_storage: "granted", analytics_storage: "granted", wait_for_update: 5000, }); gtag("consent", "default", { ad_storage: "denied", analytics_storage: "denied", wait_for_update: 5000, region: ['AT', 'BE', 'BG', 'HR', 'CY', 'CZ', 'DK', 'EE', 'FI', 'FR', 'DE', 'GR', 'HU', 'IE', 'IT', 'LA', 'LT', 'LU', 'MT', 'NL', 'PL', 'PT', 'RO', 'SK', 'SI', 'ES', 'SE', 'GB', 'IS', 'LI', 'NO', 'CH', 'CA'], }); gtag("set", "ads_data_redaction", true); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-NBM4TM'); </script>  </head> <body class="path-node page-node-type-research-advisory">  <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-NBM4TM" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>  <ul class="visuallyhidden u-sr-only"> <li><a href="#site-nav">Skip to Main Navigation</a></li> <li><a href="#block-tenable-content">Skip to Main Content</a></li> <li><a href="#site-footer">Skip to Footer</a></li> </ul> <svg style="display: none;"><symbol viewBox="0 0 80 80" id="icons_001"><title>Facebook</title> <path d="M25.29,42.48H34V68.32h10.4V42.48h8.67l1.3-10.07h-10V26c0-2.92.81-4.9,5-4.9h5.33v-9a71.26,71.26,0,0,0-7.77-.4c-7.69,0-13,4.69-13,13.31v7.43h-8.7V42.48"/> </symbol><symbol viewBox="0 0 80 80" id="icons_002"><title>Google Plus</title> <g> <path d="M27.23,35.59v8.82h12c-1.88,5.72-4.81,8.83-12,8.83a13.23,13.23,0,0,1,0-26.46A12.58,12.58,0,0,1,35.86,30c1.83-1.83,1.68-2.09,6.33-6.5a22.25,22.25,0,1,0-15,38.75c18.35,0,22.84-16,21.35-26.68H27.23Z"/> <polygon points="67.3 36.03 67.3 28.31 61.79 28.31 61.79 36.03 53.87 36.03 53.87 41.54 61.79 41.54 61.79 49.48 67.3 49.48 67.3 41.54 75 41.54 75 36.03 67.3 36.03"/> </g> </symbol><symbol viewBox="0 0 80 80" id="icons_003"><title>Twitter</title> <path d="M66.82,17.22a22.94,22.94,0,0,1-7.4,2.89,11.49,11.49,0,0,0-8.5-3.77A11.8,11.8,0,0,0,39.28,28.29a12.18,12.18,0,0,0,.3,2.72,32.79,32.79,0,0,1-24-12.48,12.16,12.16,0,0,0-1.58,6,12,12,0,0,0,5.18,9.94A11.43,11.43,0,0,1,13.9,33v0.15a11.87,11.87,0,0,0,9.35,11.71,11.1,11.1,0,0,1-3.07.42A11.32,11.32,0,0,1,18,45.05a11.69,11.69,0,0,0,10.88,8.29A23,23,0,0,1,14.4,58.46a23.31,23.31,0,0,1-2.78-.16,32.42,32.42,0,0,0,17.85,5.36c21.42,0,33.14-18.19,33.14-34,0-.52,0-1,0-1.55a23.91,23.91,0,0,0,5.81-6.18,22.75,22.75,0,0,1-6.69,1.88A11.92,11.92,0,0,0,66.82,17.22Z"/> </symbol><symbol viewBox="0 0 80 80" id="icons_004"><title>LinkedIn</title> <g> <rect x="11.99" y="30.38" width="11.5" height="36.44"/> <path d="M54.91,30c-6.59,0-10.72,3.57-11.48,6.07V30.38H30.51c0.17,3,0,36.44,0,36.44H43.43V47.1a8.3,8.3,0,0,1,.28-3,6.58,6.58,0,0,1,6.23-4.46c4.49,0,6.53,3.37,6.53,8.3V66.82h13V46.56C69.5,35.27,63.08,30,54.91,30Z"/> <path d="M17.52,13.18c-4.25,0-7,2.73-7,6.33s2.7,6.32,6.86,6.32h0.08c4.32,0,7-2.8,7-6.33S21.77,13.18,17.52,13.18Z"/> </g> </symbol><symbol viewBox="0 0 80 80" id="icons_005"><title>YouTube</title> <path d="M67.82,21.38a8.79,8.79,0,0,0-6.19-2.63C53,18.12,40,18.12,40,18.12h0s-13,0-21.61.63a8.8,8.8,0,0,0-6.19,2.63c-1.85,1.89-2.45,6.17-2.45,6.17a94.78,94.78,0,0,0-.62,10.07v4.72a94.73,94.73,0,0,0,.62,10.07s0.6,4.29,2.45,6.17c2.35,2.48,5.44,2.4,6.81,2.66,4.94,0.48,21,.63,21,0.63s13,0,21.63-.65a8.8,8.8,0,0,0,6.19-2.64c1.85-1.89,2.46-6.17,2.46-6.17a94.74,94.74,0,0,0,.62-10.07V37.63a94.79,94.79,0,0,0-.62-10.07S69.67,23.27,67.82,21.38ZM33.62,48.07V30.59l16.69,8.77Z"/> </symbol><symbol viewBox="0 0 80 80" id="icons_006"><title>RSS</title> <g> <circle cx="20.71" cy="59.29" r="7.71"/> <path d="M13,31V41.29A25.74,25.74,0,0,1,38.72,67H49A36,36,0,0,0,13,31Z"/> <path d="M13,13V23.29A43.76,43.76,0,0,1,56.72,67H67A54.06,54.06,0,0,0,13,13Z"/> </g> </symbol><symbol viewBox="0 0 80 80" id="icons_007"><title>Menu</title> <g> <rect x="15" y="24" width="50" height="4"/> <rect x="15" y="38" width="50" height="4"/> <rect x="15" y="52" width="50" height="4"/> </g> </symbol><symbol viewBox="0 0 80 80" id="icons_008"><title>Search</title> <path d="M66.66,63.4L53.1,49.3a23,23,0,1,0-4.43,4.05L62.34,67.56A3,3,0,0,0,66.66,63.4ZM35.5,17.52a17,17,0,1,1-17,17A17,17,0,0,1,35.5,17.52Z"/> </symbol><symbol viewBox="0 0 21 21" id="icons_062"><title>Resource - Blog</title><g id="icons_062-Layer_2" data-name="Layer 2"><g id="icons_062-Isolation_Mode" data-name="Isolation Mode"><path d="M20.57,5,16.05.43A1.48,1.48,0,0,0,15,0h0a1.48,1.48,0,0,0-1,.43L3.36,11.08a1.48,1.48,0,0,0-.33.5L.1,19A1.48,1.48,0,0,0,2,20.9L9.44,18a1.48,1.48,0,0,0,.51-.33L20.57,7A1.48,1.48,0,0,0,20.57,5ZM2.79,18.22l2-5,.33-.33,3.38,2.67-.68.68ZM10,14.1,6.57,11.43l8.29-8.33,3.06,3.06Z" fill="#fff"/></g></g></symbol><symbol viewBox="0 0 25 25" id="icons_063"><title>Resource - Webinar</title><g id="icons_063-Layer_2" data-name="Layer 2"><g id="icons_063-Layer_1-2" data-name="Layer 1"><path d="M9.37,18a.58.58,0,0,1-.58-.58V7.56a.58.58,0,0,1,.94-.45l8,4.94a.58.58,0,0,1,0,.91l-8,4.94A.58.58,0,0,1,9.37,18Zm1.28-8.21v5.38l4.64-2.69Z" fill="#fff"/><path d="M12.5,0A12.5,12.5,0,1,0,25,12.5,12.5,12.5,0,0,0,12.5,0Zm0,23A10.46,10.46,0,1,1,23,12.5,10.46,10.46,0,0,1,12.5,23Z" fill="#fff"/></g></g></symbol><symbol viewBox="0 0 19.4 23" id="icons_064"><title>Resource - Report</title><g id="icons_064-Layer_2" data-name="Layer 2"><g id="icons_064-Icons"><path d="M6.3,11.6h7.57a.86.86,0,1,0,0-1.7H6.3a.86.86,0,1,0,0,1.7Zm0,1.71A.86.86,0,1,0,6.3,15h4.77a.86.86,0,1,0,0-1.71Zm0,5h7.57a.86.86,0,1,0,0-1.7H6.3a.86.86,0,1,0,0,1.7ZM17.68,0H6.33a.58.58,0,0,0-.41.17L.17,5.92A.58.58,0,0,0,0,6.33V21.28A1.72,1.72,0,0,0,1.73,23h16a1.72,1.72,0,0,0,1.72-1.72V1.73A1.72,1.72,0,0,0,17.68,0ZM5.75,2.88V5.18a.58.58,0,0,1-.58.57H2.88ZM17.33,20.36a.58.58,0,0,1-.58.58H2.65a.58.58,0,0,1-.58-.58V7.82h4A1.73,1.73,0,0,0,7.82,6.1v-4h8.94a.58.58,0,0,1,.58.58Z" fill="#fff"/></g></g></symbol><symbol viewBox="0 0 24.8 21.34" id="icons_065"><title>Resource - Event</title><g id="icons_065-Layer_2" data-name="Layer 2"><g id="icons_065-Icons"><path d="M7.63,2.34H1.91A1.91,1.91,0,0,0,0,4.24V19.43a1.91,1.91,0,0,0,1.91,1.91h21a1.91,1.91,0,0,0,1.91-1.91V4.24a1.91,1.91,0,0,0-1.91-1.91H17.17m-1.95,0H9.58M1.95,19.51v1h0V4.17H22.85V19.51m-17-8.83h4.55a.76.76,0,0,0,.76-.76v-3a.76.76,0,0,0-.76-.76H5.83a.75.75,0,0,0-.76.76v3a.76.76,0,0,0,.76.76Zm.76-3h3V9.16h-3Zm-.76,10h4.55a.76.76,0,0,0,.76-.76v-3a.77.77,0,0,0-.22-.54.76.76,0,0,0-.54-.22H5.83a.75.75,0,0,0-.76.76v3a.76.76,0,0,0,.76.76Zm.76-3h3v1.52h-3Zm7.77-4h4.55a.76.76,0,0,0,.76-.76v-3a.76.76,0,0,0-.76-.76H14.36a.75.75,0,0,0-.76.76v3a.76.76,0,0,0,.76.76Zm.76-3h3V9.16h-3Zm-.76,10h4.55a.76.76,0,0,0,.76-.76v-3a.75.75,0,0,0-.76-.76H14.36a.75.75,0,0,0-.76.76v3a.76.76,0,0,0,.76.76Zm.76-3h3v1.52h-3Z" fill="#fff"/><rect x="6.77" width="2.29" height="3.83" rx="1.15" ry="1.15" fill="#fff"/><rect x="15.48" y="0.08" width="2.29" height="3.83" rx="1.15" ry="1.15" fill="#fff"/></g></g></symbol><symbol viewBox="0 0 38.4 37.4" id="icons_066"><title>icons_066</title> <style type="text/css"> .st0{fill:none;stroke:#8595A2;stroke-width:2;stroke-linejoin:round;} </style> <g> <line class="st0" x1="1.3" y1="0" x2="1.3" y2="37.4"/> <line class="st0" x1="0" y1="36.1" x2="37.4" y2="36.1"/> <line class="st0" x1="3.9" y1="17.4" x2="5.2" y2="17.4"/> <line class="st0" x1="3.9" y1="14.8" x2="5.2" y2="14.8"/> <line class="st0" x1="3.9" y1="12.3" x2="5.2" y2="12.3"/> <line class="st0" x1="3.9" y1="9.7" x2="5.2" y2="9.7"/> <line class="st0" x1="3.9" y1="7.1" x2="5.2" y2="7.1"/> <line class="st0" x1="3.9" y1="4.5" x2="5.2" y2="4.5"/> <line class="st0" x1="3.9" y1="1.9" x2="5.2" y2="1.9"/> <circle class="st0" cx="6.5" cy="27.1" r="3.2"/> <circle class="st0" cx="14.2" cy="19.4" r="3.2"/> <circle class="st0" cx="34.2" cy="17.4" r="3.2"/> <circle class="st0" cx="22.6" cy="27.7" r="3.2"/> <line class="st0" x1="11.6" y1="21.3" x2="8.4" y2="24.5"/> <line class="st0" x1="20.7" y1="25.2" x2="16.8" y2="21.3"/> <line class="st0" x1="25.2" y1="25.8" x2="31.6" y2="19.4"/> </g> </symbol><symbol viewBox="0 0 48 39" id="icons_067"><title>icons_067</title><g fill="none" stroke="#8595a2" stroke-linejoin="round" stroke-width="2"><path d="m47 8v16l-6 1"/><path d="m41.64 3.54a31.21 31.21 0 0 0 -9.28-2.54l-5.36 9.48 20-2.54a11.71 11.71 0 0 0 -5.36-4.4z"/><path d="m40.27 12.24-19.27 2.39 5.1-8.83c-6.65-.8-14 0-19.23 2.39-7.81 3.6-7.81 9.44 0 13s20.47 3.6 28.28 0c5.29-2.39 6.98-5.85 5.12-8.95z"/><path d="m1 15v13.72c0 5.13 9 9.28 20 9.28s20-4.15 20-9.28v-13.72"/></g></symbol><symbol viewBox="0 0 46.85 41.18" id="icons_068"><title>icons_068</title><g fill="none" stroke="#8595a2" stroke-width="2"><path d="m16.42 38.18h-13.42a2 2 0 0 1 -1.7-3l20.42-33.18a2 2 0 0 1 3.41 0l20.42 33.14a2 2 0 0 1 -1.7 3h-13.43" stroke-miterlimit="10"/><path d="m23.42 34.18a3 3 0 1 0 3 3 3 3 0 0 0 -3-3z" stroke-linejoin="round"/><path d="m23.42 12.18a3 3 0 0 0 -3 3.11c0 3.14.75 12 1 12.89s.91 2 2 2 1.75-1.09 2-2 1-9.75 1-12.89a3 3 0 0 0 -3-3.11z" stroke-linejoin="round"/></g></symbol><symbol viewBox="0 0 46.92 47" id="icons_069"><title>icons_069</title><path d="m13.49 29c-7.4 1.49-12.49 4.52-12.49 8 0 5 10 9 22.46 9s22.46-4 22.46-9c0-3.51-5.09-6.54-12.49-8m-10.53-20a5 5 0 0 1 0 10 5 5 0 0 1 0-10z" fill="none" stroke="#8595a2" stroke-miterlimit="10" stroke-width="2"/><path d="m22.92 1a13 13 0 0 1 13 13 13.48 13.48 0 0 1 -2.22 8.08c-1.77 2.82-10.78 15.92-10.78 15.92s-9-13.1-10.78-15.92a13.48 13.48 0 0 1 -2.22-8.08 13 13 0 0 1 13-13z" fill="none" stroke="#8595a2" stroke-miterlimit="10" stroke-width="2"/></symbol><symbol viewBox="0 0 42 42" id="icons_070"><title>icons_070</title><circle cx="21" cy="21" fill="none" r="20" stroke="#8595a2" stroke-linejoin="round" stroke-width="2"/><path d="m12.15 22.92 5.53 6.08 13.32-16.79" fill="none" stroke="#8595a2" stroke-linejoin="round" stroke-width="2"/></symbol></svg> <div class="dialog-off-canvas-main-canvas" data-off-canvas-main-canvas> <script type="text/javascript" async src="https://play.vidyard.com/embed/v4.js"></script> <script type="text/javascript" id="vidyard_embed_code_iqPFEzcZG1vUXssSkQjsb9" src="//play.vidyard.com/iqPFEzcZG1vUXssSkQjsb9.js?v=3.1.1&type=lightbox"></script> <script type="text/javascript" id="vidyard_embed_code_BBisem3UakzQgDyouBp3Lh" src="//play.vidyard.com/BBisem3UakzQgDyouBp3Lh.js?v=3.1.1&type=lightbox"></script> <script type="text/javascript" id="vidyard_embed_code_ZooDLBSDd3KusYoCiCDfhH" src="//play.vidyard.com/ZooDLBSDd3KusYoCiCDfhH.js?v=3.1.1&type=lightbox"></script> <script type="text/javascript" id="vidyard_embed_code_pwyUta1RRdjKnhYN3gsK6d" src="//play.vidyard.com/pwyUta1RRdjKnhYN3gsK6d.js?v=3.1.1&type=lightbox"></script> <script type="text/javascript" id="vidyard_embed_code_hDUDPoYpqpxx6ZQSieyjK5" src="//play.vidyard.com/hDUDPoYpqpxx6ZQSieyjK5.js?v=3.1.1&type=lightbox"></script> <header role="banner" id="site-nav" class="site-nav site-nav--primary"> <div class="nav-wrapper"> <a class="logo" href="/"> <svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 0 1061.54 298.63" xml:space="preserve"> <g> <path class="st0" d="M1030.03,98.04c1.48,0.83,2.64,1.96,3.48,3.39c0.84,1.42,1.27,2.98,1.27,4.67c0,1.69-0.42,3.24-1.27,4.66 c-0.84,1.41-2.01,2.53-3.48,3.35c-1.48,0.82-3.11,1.23-4.9,1.23c-1.74,0-3.35-0.41-4.81-1.23c-1.47-0.82-2.62-1.94-3.47-3.35 c-0.85-1.41-1.27-2.96-1.27-4.66c0-1.69,0.42-3.25,1.27-4.67c0.84-1.42,2-2.55,3.47-3.39c1.46-0.83,3.07-1.25,4.81-1.25 C1026.92,96.79,1028.55,97.2,1030.03,98.04z M1029.04,112.6c1.15-0.64,2.05-1.53,2.69-2.66c0.65-1.14,0.97-2.41,0.97-3.84 c0-1.42-0.32-2.71-0.97-3.86c-0.64-1.15-1.54-2.05-2.69-2.7c-1.15-0.65-2.46-0.98-3.92-0.98c-1.42,0-2.69,0.33-3.83,0.98 c-1.14,0.65-2.03,1.55-2.67,2.7c-0.65,1.15-0.97,2.43-0.97,3.86c0,1.43,0.32,2.7,0.97,3.84c0.64,1.13,1.53,2.02,2.67,2.66 c1.14,0.64,2.41,0.96,3.83,0.96C1026.59,113.56,1027.89,113.24,1029.04,112.6z M1028.57,105.75c-0.46,0.47-1.05,0.81-1.78,1.03 l2.8,4.17h-2.54l-2.31-3.84h-0.91v3.84h-2.16v-10h2.95c3.08,0,4.62,1.01,4.62,3.04C1029.25,104.7,1029.03,105.28,1028.57,105.75z M1023.84,105.52h1.14c1.37,0,2.05-0.51,2.05-1.52c0-0.51-0.17-0.87-0.51-1.1c-0.34-0.23-0.88-0.34-1.61-0.34h-1.06V105.52z" /> <path class="st0" d="M350.59,128.19c-0.62,0.6-1.37,0.89-2.25,0.89h-26.98c-0.88,0-1.32,0.42-1.32,1.27v61.31 c0,6.45,1.46,11.11,4.36,13.99c2.91,2.89,7.54,4.32,13.89,4.32h7.94c0.88,0,1.63,0.3,2.25,0.89c0.62,0.6,0.93,1.32,0.93,2.16v19.08 c0,1.87-1.06,2.97-3.17,3.31l-13.76,0.25c-13.93,0-24.34-2.29-31.21-6.87s-10.41-13.23-10.58-25.95v-72.5 c0-0.85-0.44-1.27-1.32-1.27h-15.08c-0.88,0-1.63-0.29-2.25-0.89c-0.62-0.59-0.93-1.31-0.93-2.16v-17.81 c0-0.85,0.31-1.57,0.93-2.16c0.62-0.59,1.36-0.89,2.25-0.89h15.08c0.88,0,1.32-0.42,1.32-1.27V74.13c0-0.85,0.31-1.57,0.93-2.16 c0.62-0.59,1.36-0.89,2.25-0.89h23.01c0.88,0,1.63,0.3,2.25,0.89c0.62,0.6,0.93,1.32,0.93,2.16v29.76c0,0.85,0.44,1.27,1.32,1.27 h26.98c0.88,0,1.63,0.3,2.25,0.89c0.62,0.6,0.93,1.32,0.93,2.16v17.81C351.51,126.88,351.2,127.6,350.59,128.19z" /> <path class="st0" d="M471.92,169.79l-0.26,7.89c0,2.04-1.06,3.05-3.17,3.05h-82.8c-0.88,0-1.32,0.43-1.32,1.27 c0.53,5.6,1.32,9.41,2.38,11.45c4.23,12.21,14.55,18.4,30.95,18.57c11.99,0,21.51-4.75,28.57-14.25c0.7-1.02,1.59-1.53,2.65-1.53 c0.7,0,1.32,0.25,1.85,0.76l16.4,12.97c1.59,1.19,1.85,2.54,0.79,4.07c-5.47,7.46-12.74,13.23-21.82,17.3 c-9.08,4.07-19.18,6.11-30.29,6.11c-13.76,0-25.44-2.97-35.05-8.9c-9.61-5.93-16.62-14.25-21.03-24.93 c-4.06-9.16-6.08-21.88-6.08-38.16c0-9.83,1.06-17.81,3.17-23.91c3.53-11.87,10.18-21.24,19.97-28.11 c9.79-6.87,21.56-10.3,35.31-10.3c34.74,0,54.31,17.47,58.72,52.41C471.57,159.78,471.92,164.53,471.92,169.79z M395.87,133.28 c-4.32,3.14-7.37,7.5-9.13,13.1c-1.06,2.89-1.77,6.61-2.12,11.19c-0.36,0.85,0,1.27,1.06,1.27h53.7c0.88,0,1.32-0.42,1.32-1.27 c-0.36-4.24-0.88-7.46-1.59-9.67c-1.59-6.11-4.72-10.85-9.39-14.25c-4.67-3.39-10.54-5.09-17.59-5.09 C405.61,128.57,400.19,130.14,395.87,133.28z" /> <path class="st0" d="M582.6,115.34c8.55,8.14,12.83,19.25,12.83,33.33v83.44c0,0.85-0.31,1.57-0.93,2.16 c-0.62,0.6-1.37,0.89-2.25,0.89h-24.34c-0.88,0-1.63-0.29-2.25-0.89c-0.62-0.59-0.93-1.31-0.93-2.16v-77.34 c0-7.8-2.29-14.12-6.88-18.95c-4.59-4.83-10.67-7.25-18.25-7.25c-7.58,0-13.71,2.38-18.38,7.12c-4.67,4.75-7.01,11.03-7.01,18.83 v77.59c0,0.85-0.31,1.57-0.93,2.16c-0.62,0.6-1.37,0.89-2.25,0.89h-24.34c-0.88,0-1.63-0.29-2.25-0.89 c-0.62-0.59-0.93-1.31-0.93-2.16V108.22c0-0.85,0.31-1.57,0.93-2.16c0.62-0.59,1.36-0.89,2.25-0.89h24.34 c0.88,0,1.63,0.3,2.25,0.89c0.62,0.6,0.93,1.32,0.93,2.16v8.14c0,0.51,0.17,0.85,0.53,1.02c0.35,0.17,0.62,0,0.79-0.51 c7.23-9.16,18.16-13.74,32.8-13.74C562.62,103.13,574.04,107.2,582.6,115.34z" /> <path class="st0" d="M696.02,108.73c8.46,3.73,14.99,8.86,19.57,15.39c4.58,6.53,6.88,13.95,6.88,22.26v85.73 c0,0.85-0.31,1.57-0.93,2.16c-0.62,0.6-1.37,0.89-2.25,0.89h-24.34c-0.88,0-1.63-0.29-2.25-0.89c-0.62-0.59-0.93-1.31-0.93-2.16 v-8.14c0-0.51-0.18-0.8-0.53-0.89c-0.36-0.08-0.71,0.04-1.06,0.38c-8.64,9.16-21.16,13.74-37.56,13.74 c-13.23,0-24.12-3.22-32.67-9.67c-8.56-6.44-12.83-16.03-12.83-28.75c0-13.23,4.8-23.53,14.42-30.91 c9.61-7.38,23.15-11.07,40.6-11.07h28.3c0.88,0,1.32-0.42,1.32-1.27v-6.11c0-6.61-2.03-11.74-6.08-15.39 c-4.06-3.65-10.14-5.47-18.25-5.47c-6.7,0-12.13,1.14-16.27,3.43c-4.15,2.29-6.75,5.47-7.8,9.54c-0.53,2.04-1.77,2.89-3.7,2.54 l-25.66-3.05c-0.88-0.17-1.63-0.46-2.25-0.89c-0.62-0.42-0.84-0.97-0.66-1.65c1.41-10.34,7.18-18.83,17.33-25.44 c10.14-6.61,22.88-9.92,38.22-9.92C677.77,103.13,687.56,105,696.02,108.73z M681.53,207.18c6.17-4.41,9.26-10.01,9.26-16.79 v-11.96c0-0.85-0.44-1.27-1.32-1.27h-22.22c-9.35,0-16.71,1.7-22.09,5.09c-5.38,3.39-8.07,8.23-8.07,14.5 c0,5.43,2.07,9.63,6.22,12.59c4.14,2.97,9.48,4.45,16,4.45C667.95,213.8,675.36,211.6,681.53,207.18z" /> <path class="st0" d="M852.89,169.79c0,12.04-1.68,22.64-5.03,31.8c-3.88,11.19-10.14,19.93-18.78,26.2 c-8.64,6.28-19.22,9.41-31.74,9.41c-12.35,0-22.48-4.49-30.42-13.48c-0.36-0.51-0.71-0.68-1.06-0.51 c-0.36,0.17-0.53,0.51-0.53,1.02v7.89c0,0.85-0.31,1.57-0.93,2.16c-0.62,0.6-1.37,0.89-2.25,0.89h-24.34 c-0.88,0-1.63-0.29-2.25-0.89c-0.62-0.59-0.93-1.31-0.93-2.16V60.14c0-0.85,0.31-1.57,0.93-2.16c0.62-0.59,1.36-0.89,2.25-0.89 h24.34c0.88,0,1.63,0.3,2.25,0.89c0.62,0.6,0.93,1.32,0.93,2.16v55.2c0,0.51,0.17,0.85,0.53,1.02c0.35,0.17,0.7,0.09,1.06-0.25 c7.58-8.65,17.63-12.97,30.16-12.97c13.05,0,23.85,3.14,32.4,9.41c8.55,6.28,14.86,15.01,18.91,26.2 C851.39,148.25,852.89,158.59,852.89,169.79z M821.41,170.29c0-13.23-2.65-23.57-7.94-31.04c-4.76-7.12-11.82-10.68-21.16-10.68 c-8.64,0-15.26,3.73-19.84,11.19c-4.41,6.96-6.61,17.04-6.61,30.27c0,13.06,2.03,22.9,6.08,29.51 c4.58,8.14,11.46,12.21,20.63,12.21c4.93,0,9.34-1.06,13.23-3.18c3.88-2.12,6.96-5.13,9.26-9.03 C819.29,192.43,821.41,182.68,821.41,170.29z" /> <path class="st0" d="M865.56,234.47c-0.62-0.59-0.93-1.31-0.93-2.16V60.34c0-0.85,0.31-1.57,0.93-2.16 c0.62-0.59,1.36-0.89,2.25-0.89h24.34c0.88,0,1.63,0.3,2.25,0.89c0.62,0.6,0.93,1.32,0.93,2.16v171.97c0,0.85-0.31,1.57-0.93,2.16 c-0.62,0.6-1.37,0.89-2.25,0.89H867.8C866.92,235.36,866.17,235.07,865.56,234.47z" /> <path class="st0" d="M1025.42,169.59l-0.26,7.89c0,2.04-1.06,3.05-3.17,3.05h-82.8c-0.88,0-1.32,0.43-1.32,1.27 c0.53,5.6,1.32,9.41,2.38,11.45c4.23,12.21,14.55,18.4,30.95,18.57c11.99,0,21.51-4.75,28.57-14.25c0.7-1.02,1.59-1.53,2.64-1.53 c0.7,0,1.32,0.25,1.85,0.76l16.4,12.97c1.59,1.19,1.85,2.54,0.79,4.07c-5.47,7.46-12.74,13.23-21.82,17.3 c-9.08,4.07-19.18,6.11-30.29,6.11c-13.75,0-25.44-2.97-35.05-8.9c-9.61-5.93-16.62-14.25-21.03-24.93 c-4.06-9.16-6.08-21.88-6.08-38.16c0-9.83,1.06-17.81,3.17-23.91c3.53-11.87,10.18-21.24,19.97-28.11 c9.79-6.87,21.56-10.3,35.31-10.3c34.74,0,54.31,17.47,58.72,52.41C1025.06,159.59,1025.42,164.34,1025.42,169.59z M949.37,133.08 c-4.32,3.14-7.37,7.5-9.13,13.1c-1.06,2.89-1.76,6.61-2.12,11.19c-0.36,0.85,0,1.27,1.06,1.27h53.7c0.88,0,1.32-0.42,1.32-1.27 c-0.36-4.24-0.88-7.46-1.59-9.67c-1.59-6.11-4.72-10.85-9.39-14.25c-4.67-3.39-10.54-5.09-17.59-5.09 C959.11,128.38,953.69,129.95,949.37,133.08z" /> <path class="st0" d="M255.2,161.59l-30.59-90.84c-2.21-6.56-7.81-11.47-14.61-12.79l-95.48-18.63c-6.66-1.3-13.6,1.04-18.11,6.1 l-64.76,72.58c-4.61,5.17-6.1,12.46-3.89,19.02l30.59,90.84c2.21,6.57,7.81,11.47,14.61,12.79l95.48,18.63 c1.22,0.24,2.44,0.35,3.66,0.35c5.45,0,10.76-2.32,14.45-6.45l64.76-72.58C255.92,175.45,257.41,168.16,255.2,161.59z M218.24,72.9 l20.12,59.74L195.6,65.18c-0.92-1.46-2.05-2.74-3.32-3.83l16.45,3.21C213.15,65.42,216.8,68.62,218.24,72.9z M186.72,230.45 l-37.27,1.89l60.29-34.9c0.09-0.05,0.18-0.11,0.27-0.17l-14.51,27.57C193.78,228.12,190.41,230.27,186.72,230.45z M93.05,229.86 l-21.06-33.22c0.4,0.29,0.81,0.56,1.24,0.81L134,232.63c0.28,0.16,0.57,0.32,0.86,0.46l-32.39,1.64 C98.68,234.91,95.07,233.05,93.05,229.86z M96.24,68.18l37.27-1.89l-60.28,34.9c-0.09,0.05-0.18,0.11-0.27,0.17l14.51-27.57 C89.19,70.51,92.55,68.37,96.24,68.18z M189.92,68.78l21.06,33.22c-0.4-0.29-0.81-0.56-1.24-0.81l-60.77-35.17 c-0.28-0.16-0.57-0.32-0.86-0.46l32.39-1.64C184.27,63.7,187.89,65.58,189.92,68.78z M210.47,184.52c0,2.92-1.57,5.65-4.1,7.12 l-60.77,35.17c-2.54,1.47-5.7,1.47-8.24,0L76.6,191.63c-2.53-1.47-4.1-4.19-4.1-7.12v-70.4c0-2.92,1.57-5.65,4.1-7.12l60.77-35.17 c1.27-0.74,2.69-1.1,4.12-1.1c1.42,0,2.85,0.37,4.12,1.1L206.37,107c2.53,1.46,4.1,4.19,4.1,7.12V184.52z M66.03,187.23 l-17.65-27.85c-2.01-3.17-2.17-7.21-0.42-10.53L65.77,115v69.51C65.77,185.44,65.86,186.34,66.03,187.23z M216.94,111.4 l17.65,27.85c2.01,3.17,2.17,7.21,0.42,10.53l-17.82,33.85v-69.51C217.19,113.2,217.1,112.29,216.94,111.4z M101.44,49.91 c2.41-2.7,5.87-4.21,9.42-4.21c0.79,0,1.59,0.08,2.39,0.23l59.61,11.63l-76.95,3.9c-2.13,0.11-4.18,0.62-6.08,1.46L101.44,49.91z M36.67,122.49L79.5,74.5l-37.49,71.23c-1.13,2.14-1.76,4.47-1.93,6.82l-5.94-17.65C32.69,130.61,33.67,125.86,36.67,122.49z M64.72,225.73l-20.12-59.74l42.76,67.46c0.92,1.45,2.05,2.74,3.32,3.83l-16.44-3.21C69.81,233.21,66.17,230.01,64.72,225.73z M181.53,248.73c-2.94,3.3-7.47,4.83-11.81,3.98l-59.61-11.63l76.95-3.9c2.13-0.11,4.18-0.62,6.08-1.46L181.53,248.73z M246.29,176.14l-42.82,48l37.49-71.23c1.13-2.14,1.76-4.47,1.93-6.82l5.94,17.65C250.27,168.02,249.3,172.77,246.29,176.14z" /></g> </svg> <span class="u-hide">Tenable</span> </a> <nav class="main-nav"> <a href="/products/tenable-one" class="main-nav__item has-menu" data-menu="platform" data-nav-type="main-nav" data-nav-category="Platform">Platform</a> <a href="/products" class="main-nav__item has-menu" data-menu="products" data-nav-type="main-nav" data-nav-category="Products">Products</a> <a href="/solutions" class="main-nav__item has-menu" data-menu="solutions" data-nav-type="main-nav" data-nav-category="Solutions">Solutions</a> <a href="/why-tenable" class="main-nav__item has-menu" data-menu="why-tenable" data-nav-type="main-nav" data-nav-category="Why Tenable">Why Tenable</a> <a class="main-nav__item has-menu" data-menu="resources">Resources</a> <a class="main-nav__item has-menu" data-menu="partners">Partners</a> <a class="main-nav__item has-menu" data-menu="support">Support</a> <a class="main-nav__item has-menu" data-menu="company">Company</a> </nav> <div class="toolbar-nav"> <div class="toolbar-nav__item contact"> <a id="contact-link" href="/about-tenable/contact-tenable" class="toolbar-nav__link" data-nav-type="micro-nav" data-nav-category="contact_icon"> <span class="u-visuallyhidden">contact_icon</span> <svg width="27" height="27" viewBox="0 0 27 27" fill="none" xmlns="http://www.w3.org/2000/svg"> <g id="mdi:email-outline"> <path id="Shape" fill-rule="evenodd" clip-rule="evenodd" d="M24.75 6.75C24.75 5.5125 23.7375 4.5 22.5 4.5H4.5C3.2625 4.5 2.25 5.5125 2.25 6.75V20.25C2.25 21.4875 3.2625 22.5 4.5 22.5H22.5C23.7375 22.5 24.75 21.4875 24.75 20.25V6.75ZM22.5 6.75L13.5 12.375L4.5 6.75H22.5ZM13.5 14.625L4.5 9V20.25H22.5V9L13.5 14.625Z" fill="#041E42"/> </g> </svg> </a> </div> <div class="toolbar-nav__item language"> <a id="language-trigger" href="#" class="toolbar-nav__trigger"> <svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"> <g id="mdi:web"> <path id="Shape" fill-rule="evenodd" clip-rule="evenodd" d="M1.33334 12.6665C1.33334 7.1665 5.80334 2.6665 11.3333 2.6665C13.9855 2.6665 16.529 3.72007 18.4044 5.59544C20.2798 7.4708 21.3333 10.0143 21.3333 12.6665C21.3333 18.1894 16.8562 22.6665 11.3333 22.6665C8.68118 22.6665 6.13764 21.6129 4.26228 19.7376C2.38691 17.8622 1.33334 15.3187 1.33334 12.6665ZM13.2433 8.6665C12.8333 7.2365 12.1633 5.8965 11.3333 4.6965C10.5033 5.8965 9.83334 7.2365 9.42334 8.6665H13.2433ZM7.33334 8.6665H4.41334C5.37198 6.99354 6.908 5.72775 8.73334 5.1065C8.13334 6.2165 7.68334 7.4165 7.33334 8.6665ZM13.8333 12.6665C13.8333 13.3465 13.7633 14.0065 13.6733 14.6665H8.99334C8.89334 14.0065 8.83334 13.3465 8.83334 12.6665C8.83334 11.9865 8.89334 11.3165 8.99334 10.6665H13.6733C13.7633 11.3165 13.8333 11.9865 13.8333 12.6665ZM15.8333 12.6665C15.8333 13.3465 15.7733 14.0065 15.6933 14.6665H19.0733C19.2333 14.0265 19.3333 13.3565 19.3333 12.6665C19.3333 11.9765 19.2333 11.3065 19.0733 10.6665H15.6933C15.7733 11.3265 15.8333 11.9865 15.8333 12.6665ZM15.3033 16.6665C14.9833 17.9165 14.5233 19.1165 13.9233 20.2265C15.7475 19.5985 17.2845 18.3348 18.2533 16.6665H15.3033ZM9.42334 16.6665C9.83334 18.0965 10.5033 19.4265 11.3333 20.6265C12.1633 19.4265 12.8333 18.0965 13.2433 16.6665H9.42334ZM7.33334 16.6665H4.41334C5.37763 18.3347 6.91161 19.5988 8.73334 20.2265C8.13334 19.1165 7.68334 17.9165 7.33334 16.6665ZM3.59334 14.6665C3.43334 14.0265 3.33334 13.3565 3.33334 12.6665C3.33334 11.9765 3.43334 11.3065 3.59334 10.6665H6.97334C6.89334 11.3265 6.83334 11.9865 6.83334 12.6665C6.83334 13.3465 6.89334 14.0065 6.97334 14.6665H3.59334ZM18.2533 8.6665H15.3033C14.9899 7.42811 14.5265 6.23261 13.9233 5.1065C15.7633 5.7365 17.2933 7.0065 18.2533 8.6665Z" fill="#041E42"/> </g> </svg> </a> <nav class="toolbar-nav__dropdown language-menu language-menu--24"> <div class="language-menu__col"> <a class="__ptNoRemap" href="https://www.tenable.com?tns_languageOverride=true" data-nav-type="micro-nav" data-nav-category="Language">English</a> <a href="https://de.tenable.com?tns_languageOverride=true" hreflang="de" data-nav-type="micro-nav" data-nav-category="Language">Deutsch</a> <a href="https://fr.tenable.com?tns_languageOverride=true" hreflang="fr" data-nav-type="micro-nav" data-nav-category="Language">Français (France)</a> <a href="https://es-la.tenable.com?tns_languageOverride=true" hreflang="es" data-nav-type="micro-nav" data-nav-category="Language">Español (América Latina)</a> <a href="https://pt-br.tenable.com?tns_languageOverride=true" hreflang="pt-br" data-nav-type="micro-nav" data-nav-category="Language">Português (Brasil)</a> <a href="https://it.tenable.com?tns_languageOverride=true" hreflang="it" data-nav-type="micro-nav" data-nav-category="Language">Italiano</a> </div> <div class="language-menu__col"> <a href="https://www.tenablecloud.cn?tns_languageOverride=true" hreflang="zh-cn" data-nav-type="micro-nav" data-nav-category="Language">简体中文</a> <a href="https://zh-tw.tenable.com?tns_languageOverride=true" hreflang="zh-tw" data-nav-type="micro-nav" data-nav-category="Language">繁體中文</a> <a href="https://jp.tenable.com?tns_languageOverride=true" hreflang="ja" data-nav-type="micro-nav" data-nav-category="Language">日本語</a> <a href="https://kr.tenable.com?tns_languageOverride=true" hreflang="ko" data-nav-type="micro-nav" data-nav-category="Language">한국어</a> <a href="https://ar.tenable.com?tns_languageOverride=true" hreflang="ar" data-nav-type="micro-nav" data-nav-category="Language">العربية</a> </div> </nav> </div> <div class="toolbar-nav__item login"> <a id="login-trigger" href="#" class="toolbar-nav__trigger"> <svg width="30" height="30" viewBox="0 0 30 30" fill="none" xmlns="http://www.w3.org/2000/svg"> <g id="mdi:account"> <path id="Shape" fill-rule="evenodd" clip-rule="evenodd" d="M20 10C20 7.23858 17.7614 5 15 5C12.2386 5 10 7.23858 10 10C10 12.7614 12.2386 15 15 15C17.7614 15 20 12.7614 20 10ZM25 22.5C25 19.7375 20.525 17.5 15 17.5C9.475 17.5 5 19.7375 5 22.5V25H25V22.5Z" fill="#041E42"/> </g> </svg> </a> <nav class="toolbar-nav__dropdown login-menu login-menu--24"> <a href="https://cloud.tenable.com" data-nav-type="micro-nav" data-nav-category="Login"> Tenable Product Login <svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg" style="margin-bottom: -2px; margin-left: 5px;"> <g> <path d="M0.5 8H10.5" stroke="#425363" stroke-linecap="round" stroke-linejoin="round"></path> <path d="M6.5 4L10.5 8L6.5 12" stroke="#425363" stroke-linecap="round" stroke-linejoin="round"></path> <path d="M0.5 4.5V2C0.5 1.60218 0.658035 1.22064 0.93934 0.93934C1.22064 0.658035 1.60218 0.5 2 0.5H14C14.3978 0.5 14.7794 0.658035 15.0607 0.93934C15.342 1.22064 15.5 1.60218 15.5 2V14C15.5 14.3978 15.342 14.7794 15.0607 15.0607C14.7794 15.342 14.3978 15.5 14 15.5H2C1.60218 15.5 1.22064 15.342 0.93934 15.0607C0.658035 14.7794 0.5 14.3978 0.5 14V11.5" stroke="#425363" stroke-linecap="round" stroke-linejoin="round"></path> </g> </svg> </a> <a href="https://community.tenable.com/login" data-nav-type="micro-nav" data-nav-category="Login"> Community & Support <svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg" style="margin-bottom: -2px; margin-left: 5px;"> <g> <path d="M0.5 8H10.5" stroke="#425363" stroke-linecap="round" stroke-linejoin="round"></path> <path d="M6.5 4L10.5 8L6.5 12" stroke="#425363" stroke-linecap="round" stroke-linejoin="round"></path> <path d="M0.5 4.5V2C0.5 1.60218 0.658035 1.22064 0.93934 0.93934C1.22064 0.658035 1.60218 0.5 2 0.5H14C14.3978 0.5 14.7794 0.658035 15.0607 0.93934C15.342 1.22064 15.5 1.60218 15.5 2V14C15.5 14.3978 15.342 14.7794 15.0607 15.0607C14.7794 15.342 14.3978 15.5 14 15.5H2C1.60218 15.5 1.22064 15.342 0.93934 15.0607C0.658035 14.7794 0.5 14.3978 0.5 14V11.5" stroke="#425363" stroke-linecap="round" stroke-linejoin="round"></path> </g> </svg> </a> </nav> </div> </div> <nav class="cta-nav"> <a href="/try" class="nav-button" id="btn-topnav-try" data-nav-type="micro-nav" data-nav-category="Button" data-nav-sub-category="Try">Try</a> <a href="/buy" class="nav-button" id="btn-topnav-buy" data-nav-type="micro-nav" data-nav-category="Button" data-nav-sub-category="Buy">Buy</a> </nav> <div class="tablet-mobile-only mobile-try-btn" style="display: none;"> <a href="/products" class="nav-button nav-button--mobile" data-nav-type="micro-nav" data-nav-category="Button" data-nav-sub-category="Try">Try</a> </div> <div id="menu-icon" class="menu-icon"> <a href="#mob-menu"> <svg width="24" height="16" viewBox="0 0 24 16" fill="none" xmlns="http://www.w3.org/2000/svg"> <path fill-rule="evenodd" clip-rule="evenodd" d="M0.75 0.5H23.25V3H0.75V0.5ZM0.75 6.75H23.25V9.25H0.75V6.75ZM23.25 13H0.75V15.5H23.25V13Z" fill="#041e42"/> </svg> </a> </div> <div id="menu-close" class="menu-close mm-btn_close" style="display: none;"> <a> <svg width="19" height="19" viewBox="0 0 19 19" fill="none" xmlns="http://www.w3.org/2000/svg"> <rect x="0.307617" y="16.5713" width="23" height="3" transform="rotate(-45 0.307617 16.5713)" fill="#041e42"/> <rect width="23" height="3" transform="matrix(-0.707107 -0.707107 -0.707107 0.707107 18.6924 16.5713)" fill="#041e42"/> </svg> </a> </div> </div> <div class="rich-menu platform"> <div class="rich-menu__menu-container active"> <div class="rich-menu__content left-padding"> <div class="l-grid l-grid-cols--3"> <div class="rich-menu__col"> <div class="rich-menu__menu"> <h5 class="bottom-align">Tenable One Exposure Management Platform</h5> <hr/> <ul> <li><a href="/products/tenable-one" data-nav-type="main-nav" data-nav-category="Platform" data-nav-sub-category="Tenable One Exposure Management Platform" data-nav-product="tenable_one">Explore the Platform</a></li> <li><a href="/products/tenable-one#faq" data-nav-type="main-nav" data-nav-category="Platform" data-nav-sub-category="Tenable One Exposure Management Platform" data-nav-product="tenable_one">FAQ</a></li> <li><a href="#one-eval" class="lightbox-content" data-nav-type="main-nav" data-nav-category="Platform" data-nav-sub-category="Modal" data-nav-product="tenable_one">Request a demo</a></li> <li><a href="/exposure-management" data-nav-type="main-nav" data-nav-category="Platform" data-nav-sub-category="Tenable One Exposure Management Platform" data-nav-product="tenable_one">What is Exposure Management?</a></li> </ul> </div> </div> <div class="rich-menu__col"> <div class="rich-menu__menu"> <h5 class="bottom-align">Platform categories</h5> <hr/> <ul> <li><a href="/cloud-security" data-nav-type="main-nav" data-nav-sub-category="Platform Categories" data-nav-product="cloud_security">Cloud Exposure</a></li> <li><a href="/products/vulnerability-management" data-nav-type="main-nav" data-nav-sub-category="Platform Categories" data-nav-product="vulnerability_management">Vulnerability Exposure</a></li> <li><a href="/products/ot-security" data-nav-type="main-nav" data-nav-sub-category="Platform Categories" data-nav-product="ot_security">OT/IoT Exposure</a></li> <li><a href="/products/identity-exposure" data-nav-type="main-nav" data-nav-sub-category="Platform Categories" data-nav-product="identity_exposure">Identity Exposure</a></li> </ul> </div> </div> <div class="rich-menu__col"> <div class="rich-menu__menu"> <h5 class="bottom-align">Platform capabilities</h5> <hr/> <ul> <li><a href="/products/tenable-one/lumin-exposure-view" data-nav-type="main-nav" data-nav-category="Platform" data-nav-sub-category="Platform Capabilities" data-nav-product="tenable_one">Exposure metrics & reporting</a></li> <li><a href="/products/tenable-one/attack-path-analysis" data-nav-type="main-nav" data-nav-category="Platform" data-nav-sub-category="Platform Capabilities" data-nav-product="tenable_one">Attack path analysis</a></li> <li><a href="/solutions/exposure-ai" data-nav-type="main-nav" data-nav-category="Platform" data-nav-sub-category="Platform Capabilities" data-nav-product="tenable_one">GenAI analytics</a></li> </ul> </div> </div> </div> </div> <aside class="rich-menu__aside right-padding"> <div class="rich-menu__aside-item item--tenable-one-demo"> <img src="/themes/custom/tenable/images-new/menus/menu-featured-tenable-one.png" alt="Get Started with Tenable One" /> <h5>Get started with Tenable One</h5> <p>Anticipate attacks and reduce business risk with Tenable One Exposure Management Platform.</p> <a href="#one-eval" class="lightbox-content c-cta" data-nav-type="main-nav" data-nav-category="Platform" data-nav-sub-category="Modal" data-nav-product="tenable_one"> <span>Request a demo</span> <svg height="10" viewBox="0 0 9.2625 15" width="6.18" xmlns="http://www.w3.org/2000/svg"><path d="m10.7375 20.725 5.725-5.725-5.725-5.7375 1.7625-1.7625 7.5 7.5-7.5 7.5z" transform="translate(-10.7375 -7.5)"/></svg> </a> </div> </aside> </div> </div> <div class="rich-menu products"> <div class="rich-menu__menu-container active"> <aside class="rich-menu__aside left-padding"> <div class="rich-menu__aside-item item--tenable-one-demo"> <h5>Exposure Management <br/>Platform</h5> <hr /> <p>Tenable One Exposure Management Platform enables you to gain visibility across your attack surface, focus efforts to prevent likely attacks, and accurately communicate cyber risk to support optimal business performance.</p> <a href="/products/tenable-one" class="c-cta" data-nav-type="main-nav" data-nav-category="Products" data-nav-sub-category="Exposure Management Platform" data-nav-product="tenable_one"> <span>Learn more</span> <svg height="10" viewBox="0 0 9.2625 15" width="6.18" xmlns="http://www.w3.org/2000/svg"><path d="m10.7375 20.725 5.725-5.725-5.725-5.7375 1.7625-1.7625 7.5 7.5-7.5 7.5z" transform="translate(-10.7375 -7.5)"/></svg> </a><br/> <a href="#one-eval" class="lightbox-content c-cta" data-nav-type="main-nav" data-nav-category="Products" data-nav-sub-category="Modal" data-nav-product="tenable_one"> <span>Request a demo</span> <svg height="10" viewBox="0 0 9.2625 15" width="6.18" xmlns="http://www.w3.org/2000/svg"><path d="m10.7375 20.725 5.725-5.725-5.725-5.7375 1.7625-1.7625 7.5 7.5-7.5 7.5z" transform="translate(-10.7375 -7.5)"/></svg> </a> </div> </aside> <div class="rich-menu__content right-padding"> <div class="l-grid l-grid-cols--3"> <div class="rich-menu__col"> <div class="rich-menu__menu menu--products"> <a href="/cloud-security" data-nav-type="main-nav" data-nav-category="Products" data-nav-sub-category="Cloud Exposure" data-nav-product="cloud_security"> <h5>Cloud Exposure</h5> </a> <hr/> <ul> <li> <a href="/cloud-security" data-nav-type="main-nav" data-nav-category="Products" data-nav-sub-category="Cloud Exposure" data-nav-product="cloud_security"> <span>Tenable Cloud Security (CNAPP)</span> </a> <a href="#tenable-cs" class="rich-menu__menu-cta c-cta lightbox-content" data-nav-type="main-nav" data-nav-category="Products" data-nav-sub-category="Modal" data-nav-product="cloud_security"> <span>Request a demo</span> <svg height="10" viewBox="0 0 9.2625 15" width="6.18" xmlns="http://www.w3.org/2000/svg"><path d="m10.7375 20.725 5.725-5.725-5.725-5.7375 1.7625-1.7625 7.5 7.5-7.5 7.5z" transform="translate(-10.7375 -7.5)"/></svg> </a> </li> <li> <a href="/cloud-security/products/cloud-infrastructure-entitlement-management" data-nav-type="main-nav" data-nav-category="Products" data-nav-sub-category="Cloud Exposure" data-nav-product="ciem"> <span>Tenable CIEM</span> </a> <a href="#tenable-cs" class="rich-menu__menu-cta c-cta lightbox-content" data-nav-type="main-nav" data-nav-category="Products" data-nav-sub-category="Modal" data-nav-product="ciem"> <span>Request a demo</span> <svg height="10" viewBox="0 0 9.2625 15" width="6.18" xmlns="http://www.w3.org/2000/svg"><path d="m10.7375 20.725 5.725-5.725-5.725-5.7375 1.7625-1.7625 7.5 7.5-7.5 7.5z" transform="translate(-10.7375 -7.5)"/></svg> </a> </li> <li> <a href="/cloud-security/products/just-in-time" data-nav-type="main-nav" data-nav-category="Products" data-nav-sub-category="Cloud Exposure" data-nav-product="jit"> <span>Tenable Just in Time Access (JIT)</span> </a> <a href="#tenable-cs" class="rich-menu__menu-cta c-cta lightbox-content" data-nav-type="main-nav" data-nav-category="Products" data-nav-sub-category="Modal" data-nav-product="jit"> <span>Request a demo</span> <svg height="10" viewBox="0 0 9.2625 15" width="6.18" xmlns="http://www.w3.org/2000/svg"><path d="m10.7375 20.725 5.725-5.725-5.725-5.7375 1.7625-1.7625 7.5 7.5-7.5 7.5z" transform="translate(-10.7375 -7.5)"/></svg> </a> </li> <li> <a href="/cloud-security/products/open-source" data-nav-type="main-nav" data-nav-category="Products" data-nav-sub-category="Cloud Exposure" data-nav-product="open_source"> <span>Tenable Open Source</span> </a> </li> </ul> </div> </div> <div class="rich-menu__col"> <div class="rich-menu__menu menu--products"> <h5>Vulnerability Exposure</h5> <hr/> <ul> <li> <a href="/products/vulnerability-management" data-nav-type="main-nav" data-nav-category="Products" data-nav-sub-category="Vulnerability Exposure" data-nav-product="vulnerability_management"> <span>Tenable Vulnerability Management</span> </a> <a href="#tenableio-4part" class="rich-menu__menu-cta c-cta lightbox-content vm-try-link" data-nav-type="main-nav" data-nav-category="Products" data-nav-sub-category="Modal" data-nav-product="vulnerability_management"> <span>Try for free</span> <svg height="10" viewBox="0 0 9.2625 15" width="6.18" xmlns="http://www.w3.org/2000/svg"><path d="m10.7375 20.725 5.725-5.725-5.725-5.7375 1.7625-1.7625 7.5 7.5-7.5 7.5z" transform="translate(-10.7375 -7.5)"/></svg> </a> </li> <li> <a href="/products/security-center" data-nav-type="main-nav" data-nav-category="Products" data-nav-sub-category="Vulnerability Exposure" data-nav-product="security_center"> <span>Tenable Security Center</span> </a> <a href="#tenable-sc-eval" class="rich-menu__menu-cta c-cta lightbox-content" data-nav-type="main-nav" data-nav-category="Products" data-nav-sub-category="Modal" data-nav-product="security_center"> <span>Request a demo</span> <svg height="10" viewBox="0 0 9.2625 15" width="6.18" xmlns="http://www.w3.org/2000/svg"><path d="m10.7375 20.725 5.725-5.725-5.725-5.7375 1.7625-1.7625 7.5 7.5-7.5 7.5z" transform="translate(-10.7375 -7.5)"/></svg> </a> </li> <li> <a href="/products/web-app-scanning" data-nav-type="main-nav" data-nav-category="Products" data-nav-sub-category="Vulnerability Exposure" data-nav-product="web_app_scanning"> <span>Tenable Web App Scanning</span> </a> <a href="#tenableio-was" class="rich-menu__menu-cta c-cta lightbox-content was-try-link" data-nav-type="main-nav" data-nav-category="Products" data-nav-sub-category="Modal" data-nav-product="web_app_scanning"> <span>Try for free</span> <svg height="10" viewBox="0 0 9.2625 15" width="6.18" xmlns="http://www.w3.org/2000/svg"><path d="m10.7375 20.725 5.725-5.725-5.725-5.7375 1.7625-1.7625 7.5 7.5-7.5 7.5z" transform="translate(-10.7375 -7.5)"/></svg> </a> </li> <li> <a href="/products/enclave-security" data-nav-type="main-nav" data-nav-category="Products" data-nav-sub-category="Tenable Enclave Security" data-nav-product="tenable_enclave_security"> <span>Tenable Enclave Security</span> </a> <a href="#enclave" class="rich-menu__menu-cta c-cta lightbox-content was-try-link" data-nav-type="main-nav" data-nav-category="Products" data-nav-sub-category="Modal" data-nav-product="tenable_enclave_security"> <span>Request a demo</span> <svg height="10" viewBox="0 0 9.2625 15" width="6.18" xmlns="http://www.w3.org/2000/svg"><path d="m10.7375 20.725 5.725-5.725-5.725-5.7375 1.7625-1.7625 7.5 7.5-7.5 7.5z" transform="translate(-10.7375 -7.5)"/></svg> </a> </li> <li> <a href="/products/tenable-lumin" data-nav-type="main-nav" data-nav-category="Products" data-nav-sub-category="Vulnerability Exposure" data-nav-product="lumin"> <span>Tenable Lumin</span> </a> <a href="#lumin-eval" class="rich-menu__menu-cta c-cta lightbox-content" data-nav-type="main-nav" data-nav-category="Products" data-nav-sub-category="Modal" data-nav-product="lumin"> <span>Try for free</span> <svg height="10" viewBox="0 0 9.2625 15" width="6.18" xmlns="http://www.w3.org/2000/svg"><path d="m10.7375 20.725 5.725-5.725-5.725-5.7375 1.7625-1.7625 7.5 7.5-7.5 7.5z" transform="translate(-10.7375 -7.5)"/></svg> </a> </li> <li> <a href="/products/attack-surface-management" data-nav-type="main-nav" data-nav-category="Products" data-nav-sub-category="Vulnerability Exposure" data-nav-product="attack_surface_management"> <span>Tenable Attack Surface Management</span> </a> <a href="#asm-eval" class="rich-menu__menu-cta c-cta lightbox-content" data-nav-type="main-nav" data-nav-category="Products" data-nav-sub-category="Modal" data-nav-product="attack_surface_management"> <span>Request a demo</span> <svg height="10" viewBox="0 0 9.2625 15" width="6.18" xmlns="http://www.w3.org/2000/svg"><path d="m10.7375 20.725 5.725-5.725-5.725-5.7375 1.7625-1.7625 7.5 7.5-7.5 7.5z" transform="translate(-10.7375 -7.5)"/></svg> </a> </li> <li> <a href="/products/nessus" data-nav-type="main-nav" data-nav-category="Products" data-nav-sub-category="Vulnerability Exposure" data-nav-product="nessus"> <span>Tenable Nessus</span> </a> <a href="#expert" class="rich-menu__menu-cta c-cta lightbox-content try-nessus-expert nessus-try-button" data-nav-type="main-nav" data-nav-category="Products" data-nav-sub-category="Modal" data-nav-product="nessus"> <span>Try for free</span> <svg height="10" viewBox="0 0 9.2625 15" width="6.18" xmlns="http://www.w3.org/2000/svg"><path d="m10.7375 20.725 5.725-5.725-5.725-5.7375 1.7625-1.7625 7.5 7.5-7.5 7.5z" transform="translate(-10.7375 -7.5)"/></svg> </a> </li> </ul> </div> </div> <div class="rich-menu__col"> <div class="rich-menu__menu menu--products"> <h5>OT/IoT Exposure</h5> <hr/> <ul> <li> <a href="/products/ot-security" data-nav-type="main-nav" data-nav-category="Products" data-nav-sub-category="Operational Technology Security" data-nav-product="ot_security"> <span>Tenable OT Security</span> </a> <a href="#ot-eval" class="rich-menu__menu-cta c-cta lightbox-content" data-nav-type="main-nav" data-nav-category="Products" data-nav-sub-category="Modal" data-nav-product="ot_security"> <span>Request a demo</span> <svg height="10" viewBox="0 0 9.2625 15" width="6.18" xmlns="http://www.w3.org/2000/svg"><path d="m10.7375 20.725 5.725-5.725-5.725-5.7375 1.7625-1.7625 7.5 7.5-7.5 7.5z" transform="translate(-10.7375 -7.5)"/></svg> </a> </li> </ul> </div> <div class="rich-menu__menu menu--products"> <h5>Identity Exposure</h5> <hr/> <ul> <li> <a href="/products/identity-exposure" data-nav-type="main-nav" data-nav-category="Products" data-nav-sub-category="Identity Exposure" data-nav-product="identity_exposure"> <span>Tenable Identity Exposure</span> </a> <a href="#ad-eval" class="rich-menu__menu-cta c-cta lightbox-content" data-nav-type="main-nav" data-nav-category="Products" data-nav-sub-category="Modal" data-nav-product="identity_exposure"> <span>Request a demo</span> <svg height="10" viewBox="0 0 9.2625 15" width="6.18" xmlns="http://www.w3.org/2000/svg"><path d="m10.7375 20.725 5.725-5.725-5.725-5.7375 1.7625-1.7625 7.5 7.5-7.5 7.5z" transform="translate(-10.7375 -7.5)"/></svg> </a> </li> </ul> </div> </div> </div> <div class="l-grid l-grid-cols--1"> <div class="rich-menu__col"> <div class="rich-menu__product-compare mt flex"> <a href="/products/" data-nav-type="main-nav" data-nav-category="Products" data-nav-sub-category="View all products" class="c-cta u-mx--xs"> <span><strong>View all products</strong></span> <svg height="10" viewBox="0 0 9.2625 15" width="6.18" xmlns="http://www.w3.org/2000/svg"><path d="m10.7375 20.725 5.725-5.725-5.725-5.7375 1.7625-1.7625 7.5 7.5-7.5 7.5z" transform="translate(-10.7375 -7.5)"/></svg> </a> <a href="/products/compare-products" data-nav-type="main-nav" data-nav-category="Products" data-nav-sub-category="Compare Products" class="c-cta"> <span><strong>Compare products</strong></span> <svg height="10" viewBox="0 0 9.2625 15" width="6.18" xmlns="http://www.w3.org/2000/svg"><path d="m10.7375 20.725 5.725-5.725-5.725-5.7375 1.7625-1.7625 7.5 7.5-7.5 7.5z" transform="translate(-10.7375 -7.5)"/></svg> </a> </div> </div> </div> </div> </div> </div> <div class="rich-menu solutions rich-menu--no-aside"> <div class="rich-menu__menu-container active"> <div class="rich-menu__content left-padding right-padding"> <div class="l-grid l-grid-cols--4"> <div class="rich-menu__col"> <div class="rich-menu__menu"> <h5>Business needs</h5> <hr/> <ul> <li><a href="/solutions/active-directory" data-nav-type="main-nav" data-nav-category="Solutions" data-nav-sub-category="Business Needs">Active Directory</a></li> <li><a href="/solutions/compliance" data-nav-type="main-nav" data-nav-category="Solutions" data-nav-sub-category="Business Needs">Compliance</a></li> <li><a href="/solutions/cyber-insurance" data-nav-type="main-nav" data-nav-category="Solutions" data-nav-sub-category="Business Needs">Cyber insurance</a></li> <li><a href="/solutions/it-ot" data-nav-type="main-nav" data-nav-category="Solutions" data-nav-sub-category="Business Needs">OT / IT</a></li> <li><a href="/solutions/ransomware" data-nav-type="main-nav" data-nav-category="Solutions" data-nav-sub-category="Business Needs">Ransomware</a></li> <li><a href="/solutions/vulnerability-assessment" data-nav-type="main-nav" data-nav-category="Solutions" data-nav-sub-category="Business Needs">Vulnerability assessment</a></li> <li><a href="/solutions/vulnerability-management" data-nav-type="main-nav" data-nav-category="Solutions" data-nav-sub-category="Business Needs">Vulnerability management</a></li> <li><a href="/solutions/zero-trust" data-nav-type="main-nav" data-nav-category="Solutions" data-nav-sub-category="Business Needs">Zero trust</a></li> </ul> </div> </div> <div class="rich-menu__col"> <div class="rich-menu__menu"> <h5>Industry</h5> <hr/> <ul> <li><a href="/solutions/automotive-manufacturing" data-nav-type="main-nav" data-nav-category="Solutions" data-nav-sub-category="Industry">Automotive manufacturing</a></li> <li><a href="/solutions/energy" data-nav-type="main-nav" data-nav-category="Solutions" data-nav-sub-category="Industry">Energy</a></li> <li><a href="/solutions/finance" data-nav-type="main-nav" data-nav-category="Solutions" data-nav-sub-category="Industry">Finance</a></li> <li><a href="/solutions/healthcare" data-nav-type="main-nav" data-nav-category="Solutions" data-nav-sub-category="Industry">Healthcare</a></li> <li><a href="/solutions/oil-and-gas" data-nav-type="main-nav" data-nav-category="Solutions" data-nav-sub-category="Industry">Oil & Gas</a></li> <li><a href="/solutions#Industries" data-nav-type="main-nav" data-nav-category="Solutions" data-nav-sub-category="Industry" class="c-cta"> <span>More industries</span> <svg height="10" viewBox="0 0 9.2625 15" width="6.18" xmlns="http://www.w3.org/2000/svg"><path d="m10.7375 20.725 5.725-5.725-5.725-5.7375 1.7625-1.7625 7.5 7.5-7.5 7.5z" transform="translate(-10.7375 -7.5)"></path></svg> </a></li> </ul> </div> </div> <div class="rich-menu__col"> <div class="rich-menu__menu"> <h5>Compliance</h5> <hr/> <ul> <li><a href="/cybersecurity-regulations" data-nav-type="main-nav" data-nav-category="Solutions" data-nav-sub-category="Compliance">Critical infrastructure regulations</a></li> <li><a href="/solutions/fisma" data-nav-type="main-nav" data-nav-category="Solutions" data-nav-sub-category="Compliance">FISMA</a></li> <li><a href="/solutions/hipaa-compliance" data-nav-type="main-nav" data-nav-category="Solutions" data-nav-sub-category="Compliance">HIPAA</a></li> <li><a href="/solutions/nerc-cip" data-nav-type="main-nav" data-nav-category="Solutions" data-nav-sub-category="Compliance">NERC CIP</a></li> <li><a href="/solutions/nis-directive-compliance" data-nav-type="main-nav" data-nav-category="Solutions" data-nav-sub-category="Compliance">NIS directive</a></li> <li><a href="/solutions/pci-dss" data-nav-type="main-nav" data-nav-category="Solutions" data-nav-sub-category="Compliance">PCI</a></li> <li><a href="/solutions/security-frameworks" data-nav-type="main-nav" data-nav-category="Solutions" data-nav-sub-category="Compliance">Security frameworks</a></li> </ul> </div> </div> <div class="rich-menu__col"> <div class="rich-menu__menu"> <h5>Public Sector</h5> <hr/> <ul> <li><a href="/solutions/education" data-nav-type="main-nav" data-nav-category="Solutions" data-nav-sub-category="Public Sector">Educational institutions</a></li> <li><a href="/solutions/sled" data-nav-type="main-nav" data-nav-category="Solutions" data-nav-sub-category="Public Sector">State / Local / Education</a></li> <li><a href="/solutions/government/us-fed" data-nav-type="main-nav" data-nav-category="Solutions" data-nav-sub-category="Public Sector">US federal</a></li> </ul> </div> </div> </div> <div class="l-grid l-grid-cols--1"> <div class="u-text-center"> <a href="/solutions/" data-nav-type="main-nav" data-nav-category="Solutions" data-nav-sub-category="View All Solutions" class="c-cta rm__cta"> <span>View all solutions</span> <svg height="10" viewBox="0 0 9.2625 15" width="6.18" xmlns="http://www.w3.org/2000/svg"><path d="m10.7375 20.725 5.725-5.725-5.725-5.7375 1.7625-1.7625 7.5 7.5-7.5 7.5z" transform="translate(-10.7375 -7.5)"></path></svg> </a> </div> </div> </div> </div> </div> <div class="rich-menu why-tenable rich-menu--two-thirds"> <div class="rich-menu__menu-container active"> <div class="rich-menu__content left-padding"> <div class="l-grid l-grid-cols--2"> <div class="rich-menu__col"> <div class="rich-menu__menu"> <h5>The Tenable difference</h5> <hr/> <ul> <li><a href="/why-tenable" data-nav-type="main-nav" data-nav-category="Why Tenable" data-nav-sub-category="The Tenable difference">Why choose Tenable</a></li> <li><a href="/why-tenable#awards" data-nav-type="main-nav" data-nav-category="Why Tenable" data-nav-sub-category="The Tenable difference">Industry recognition</a></li> <li><a href="/customers" data-nav-type="main-nav" data-nav-category="Why Tenable" data-nav-sub-category="The Tenable difference">Customer stories</a></li> </ul> </div> </div> <div class="rich-menu__col"> <div class="rich-menu__menu"> <h5>Compare Tenable to:</h5> <hr/> <ul> <li><a href="/why-tenable/tenable-vs-microsoft" data-nav-type="main-nav" data-nav-category="Why Tenable" data-nav-sub-category="Compare Tenable to">Microsoft Defender</a></li> <li><a href="/why-tenable/tenable-vs-palo-alto-networks" data-nav-type="main-nav" data-nav-category="Why Tenable" data-nav-sub-category="Compare Tenable to">Palo Alto Prisma Cloud</a></li> <li><a href="/why-tenable/tenable-vs-qualys" data-nav-type="main-nav" data-nav-category="Why Tenable" data-nav-sub-category="Compare Tenable to">Qualys</a></li> <li><a href="/whitepapers/security-leaders-guide-to-comparing-tenable-and-rapid7" data-nav-type="main-nav" data-nav-category="Why Tenable" data-nav-sub-category="Compare Tenable to">Rapid7</a></li> <li><a href="/why-tenable/tenable-vs-wiz" data-nav-type="main-nav" data-nav-category="Why Tenable" data-nav-sub-category="Compare Tenable to">Wiz</a></li> </ul> </div> </div> </div> </div> <aside class="rich-menu__aside right-padding"> <div class="rich-menu__aside-item item--techstrong"> <script type="text/javascript" id="vidyard_embed_code_sqffsPipQz4nueWuSvdHY2" src="//play.vidyard.com/sqffsPipQz4nueWuSvdHY2.js?v=3.1.1&type=lightbox"></script> <a data-nav-type="main-nav" data-nav-category="Why Tenable" data-nav-sub-category="Featured video" href="javascript:void(0);" onclick="fn_vidyard_sqffsPipQz4nueWuSvdHY2();"> <img src="/themes/custom/tenable/images-new/menus/exposure-video-thumb.png" alt="Exposure video" class=""> </a> <h5>Isolate and eradicate your true exposures</h5> <p>Close critical cyber exposures anywhere to reduce business risk everywhere.</p> <a data-nav-type="main-nav" data-nav-category="Why Tenable" data-nav-sub-category="Featured video cta" href="javascript:void(0);" onclick="fn_vidyard_sqffsPipQz4nueWuSvdHY2();" class="c-cta"> <span>Watch the video</span> <svg height="10" viewBox="0 0 9.2625 15" width="6.18" xmlns="http://www.w3.org/2000/svg"><path d="m10.7375 20.725 5.725-5.725-5.725-5.7375 1.7625-1.7625 7.5 7.5-7.5 7.5z" transform="translate(-10.7375 -7.5)"></path></svg> </a> </div> </aside> </div> </div> <div class="rich-menu resources rich-menu--two-thirds"> <div class="rich-menu__menu-container active"> <div class="rich-menu__content left-padding"> <div class="l-grid l-grid-cols--2"> <div class="rich-menu__col"> <div class="rich-menu__menu"> <h5>Resources</h5> <hr/> <ul> <li><a href="/resources" data-nav-type="main-nav" data-nav-category="Resources" data-nav-sub-category="Resources">Resource library</a></li> <li><a href="/webinars" data-nav-type="main-nav" data-nav-category="Resources" data-nav-sub-category="Resources">Webinars</a></li> <li><a href="/blog" data-nav-type="main-nav" data-nav-category="Resources" data-nav-sub-category="Resources">Blog</a></li> <li><a href="/education" data-nav-type="main-nav" data-nav-category="Resources" data-nav-sub-category="Resources">Training and certification</a></li> <li><a href="/cybersecurity-guide" data-nav-type="main-nav" data-nav-category="Resources" data-nav-sub-category="Resources">Cybersecurity guide</a></li> <li><a href="/customers" data-nav-type="main-nav" data-nav-category="Resources" data-nav-sub-category="Resources">Customer stories</a></li> </ul> </div> </div> <div class="rich-menu__col"> <div class="rich-menu__menu"> <h5>Research</h5> <hr/> <ul> <li><a href="/research" data-nav-type="main-nav" data-nav-category="Resources" data-nav-sub-category="Research">Research center</a></li> <li><a href="/plugins" data-nav-type="main-nav" data-nav-category="Resources" data-nav-sub-category="Research">Security plugins</a></li> <li><a href="/security/research" data-nav-type="main-nav" data-nav-category="Resources" data-nav-sub-category="Research">Zero-Day research</a></li> <li><a href="/blog/search?field_blog_section_tid=49" data-nav-type="main-nav" data-nav-category="Resources" data-nav-sub-category="Research">Research blog</a></li> <li><a href="https://community.tenable.com/s/" data-nav-type="main-nav" data-nav-category="Resources" data-nav-sub-category="Research">Research community</a></li> </ul> </div> </div> </div> </div> <aside class="rich-menu__aside right-padding"> <div class="rich-menu__aside-item item--techstrong"> <h5>TechStrong Research PulseMeter: Risk and threat management strategies</h5> <p>Techstrong Research surveyed their community of security, cloud, and DevOps readers and viewers to gain insights into their views on scaling security across cloud and on-premises environments.</p> <a href="/analyst-research/techstrong-research-pulsemeter-risk-and-threat-management-strategies" class="c-cta" data-nav-type="main-nav" data-nav-category="Resources" data-nav-sub-category="Featured Webinar"> <span>Read the report</span> <svg height="10" viewBox="0 0 9.2625 15" width="6.18" xmlns="http://www.w3.org/2000/svg"><path d="m10.7375 20.725 5.725-5.725-5.725-5.7375 1.7625-1.7625 7.5 7.5-7.5 7.5z" transform="translate(-10.7375 -7.5)"></path></svg> </a> </div> </aside> </div> </div> <div class="rich-menu partners rich-menu--two-thirds"> <div class="rich-menu__menu-container"> <aside class="rich-menu__aside left-padding"> <div class="rich-menu__aside-item item--tenable-one-demo"> <h5>Find a partner</h5> <hr/> <ul> <li><a href="/partner-locator/resellers" data-nav-type="main-nav" data-nav-category="Partners" data-nav-sub-category="Find a Partner">Search resellers</a></li> <li><a href="/partner-locator/distributors" data-nav-type="main-nav" data-nav-category="Partners" data-nav-sub-category="Find a Partner"> Search distributors</a></li> <li><a href="/partner-locator/mssp" data-nav-type="main-nav" data-nav-category="Partners" data-nav-sub-category="Find a Partner">Search MSSP</a></li> </ul> </div> </aside> <div class="rich-menu__content"> <div class="l-grid l-grid-cols--2"> <div class="rich-menu__col"> <div class="rich-menu__menu"> <h5>Tenable Assure partners</h5> <hr/> <ul> <li><a href="/partners" data-nav-type="main-nav" data-nav-category="Partners" data-nav-sub-category="Tenable Assure Partners">Overview</a></li> <li><a href="/partners/channel-partner-program" data-nav-type="main-nav" data-nav-category="Partners" data-nav-sub-category="Tenable Assure Partners">Channel partner program</a></li> <li><a href="/partners/mssp-partner-program" data-nav-type="main-nav" data-nav-category="Partners" data-nav-sub-category="Tenable Assure Partners">MSSP partner program</a></li> <li><a href="/partners/assure-program-application" data-nav-type="main-nav" data-nav-category="Partners" data-nav-sub-category="Tenable Assure Partners">Partner application</a></li> <li> <a href="https://partners.tenable.com/#/page/partner-login" target="_blank" rel="noopener noreferrer" data-nav-type="main-nav" data-nav-category="Partners" data-nav-sub-category="Tenable Assure Partners" class="c-cta"> <span>Partner portal</span> <svg height="10" viewBox="0 0 9.2625 15" width="6.18" xmlns="http://www.w3.org/2000/svg"><path d="m10.7375 20.725 5.725-5.725-5.725-5.7375 1.7625-1.7625 7.5 7.5-7.5 7.5z" transform="translate(-10.7375 -7.5)"></path></svg> </a> </li> </ul> </div> </div> <div class="rich-menu__col"> <div class="rich-menu__menu"> <h5>Other partner opportunities</h5> <hr/> <ul> <li><a href="/partners/technology" data-nav-type="main-nav" data-nav-category="Partners" data-nav-sub-category="Other partner opportunities">Technology ecosystem</a></li> <li><a href="/partners/research" data-nav-type="main-nav" data-nav-category="Partners" data-nav-sub-category="Other partner opportunities">Research Alliance program</a></li> <li><a href="https://tenable.partnerstack.com/" target="_blank" data-nav-type="main-nav" data-nav-category="Partners" data-nav-sub-category="Other partner opportunities">Tenable performance marketing program</a></li> </ul> </div> </div> </div> </div> </div> </div> <div class="rich-menu support rich-menu--two-thirds rich-menu--no-aside"> <div class="rich-menu__menu-container active"> <div class="rich-menu__content left-padding right-padding"> <div class="l-grid l-grid-cols--3"> <div class="rich-menu__col"> <div class="rich-menu__menu"> <h5>Support</h5> <hr/> <ul> <li><a href="/support" data-nav-type="main-nav" data-nav-category="Support-main" data-nav-sub-category="Support-sub">Technical support</a></li> <li><a href="https://community.tenable.com/s/" data-nav-type="main-nav" data-nav-category="Support-main" data-nav-sub-category="Support-sub">Tenable community</a></li> <li><a href="https://docs.tenable.com/" data-nav-type="main-nav" data-nav-category="Support-main" data-nav-sub-category="Support-sub">Documentation</a></li> </ul> </div> </div> <div class="rich-menu__col"> <div class="rich-menu__menu"> <h5>Services</h5> <hr/> <ul> <li><a href="/services" data-nav-type="main-nav" data-nav-category="Support-main" data-nav-sub-category="Services">Professional services</a></li> <li><a href="/education" data-nav-type="main-nav" data-nav-category="Support-main" data-nav-sub-category="Services">Training and certification</a></li> <li><a href="/buy/certification" class="c-cta" style="margin-top: 0;" data-nav-type="main-nav" data-nav-category="Support-main" data-nav-sub-category="Services">Buy certification <svg height="10" viewBox="0 0 9.2625 15" width="6.18" xmlns="http://www.w3.org/2000/svg"><path d="m10.7375 20.725 5.725-5.725-5.725-5.7375 1.7625-1.7625 7.5 7.5-7.5 7.5z" transform="translate(-10.7375 -7.5)"/></svg> </a></li> </ul> </div> </div> <div class="rich-menu__col"> <div class="rich-menu__menu"> <h5>Tenable Trust</h5> <hr/> <ul> <li><a href="https://status.tenable.com/" rel="noopener noreferrer" target="_blank" data-nav-type="main-nav" data-nav-category="Support-main" data-nav-sub-category="Tenable Trust">System status</a></li> <li><a href="/trust/assurance" data-nav-type="main-nav" data-nav-category="Support-main" data-nav-sub-category="Tenable Trust">Security and compliance</a></li> <li><a href="/gdpr-alignment" data-nav-type="main-nav" data-nav-category="Support-main" data-nav-sub-category="Tenable Trust">Data protection</a></li> </ul> </div> </div> </div> </div> </div> </div> <div class="rich-menu company"> <div class="rich-menu__menu-container active"> <div class="rich-menu__content left-padding"> <div class="l-grid l-grid-cols--4"> <div class="rich-menu__col"> <div class="rich-menu__menu"> <h5>About us</h5> <hr/> <ul> <li><a href="/about-tenable/about-us" data-nav-type="main-nav" data-nav-category="Company" data-nav-sub-category="About us">About Tenable</a></li> <li><a href="/about-tenable/leadership" data-nav-type="main-nav" data-nav-category="Company" data-nav-sub-category="About us">Leadership</a></li> <li><a href="https://investors.tenable.com/" rel="noopener noreferrer" target="_blank" data-nav-type="main-nav" data-nav-category="Company" data-nav-sub-category="About us">Investor relations</a></li> <li><a href="/tenable-ventures" data-nav-type="main-nav" data-nav-category="Company" data-nav-sub-category="About us">Tenable Ventures</a></li> <li><a href="/why-tenable" data-nav-type="main-nav" data-nav-category="Company" data-nav-sub-category="Why Tenable">Why choose Tenable</a></li> <li><a href="/why-tenable#awards" data-nav-type="main-nav" data-nav-category="Company" data-nav-sub-category="Why Tenable">Awards and recognition</a></li> <li><a href="/customers" data-nav-type="main-nav" data-nav-category="Company" data-nav-sub-category="Why Tenable">Customer stories</a></li> </ul> </div> </div> <div class="rich-menu__col"> <div class="rich-menu__menu"> <h5>Media</h5> <hr/> <ul> <li><a href="/media#press-releases" data-nav-type="main-nav" data-nav-category="Company" data-nav-sub-category="Media">Press releases</a></li> <li><a href="https://investors.tenable.com/news-releases" rel="noopener noreferrer" target="_blank" data-nav-type="main-nav" data-nav-category="Company" data-nav-sub-category="Media">Financial news releases</a></li> <li><a href="/media#news" data-nav-type="main-nav" data-nav-category="Company" data-nav-sub-category="Media">News</a></li> <li><a href="/media#kit" data-nav-type="main-nav" data-nav-category="Company" data-nav-sub-category="Media">Media kit</a></li> </ul> </div> </div> <div class="rich-menu__col"> <div class="rich-menu__menu"> <h5>Connect</h5> <hr/> <ul> <li><a href="/try" data-nav-type="main-nav" data-nav-category="Company" data-nav-sub-category="Connect">Try our products</a></li> <li><a href="/events" data-nav-type="main-nav" data-nav-category="Company" data-nav-sub-category="Connect">Events</a></li> <li><a href="https://community.tenable.com/s/" rel="noopener noreferrer" target="_blank" data-nav-type="main-nav" data-nav-category="Company" data-nav-sub-category="Connect">Tenable community</a></li> <li><a href=" https://info.tenable.com/blog-subscription-page.html" rel="noopener noreferrer" target="_blank" data-nav-type="main-nav" data-nav-category="Company" data-nav-sub-category="Connect">Subscribe to the blog</a></li> <li> <a href="/about-tenable/contact-tenable" class="c-cta" style="padding-right: 10px;" data-nav-type="main-nav" data-nav-category="Company" data-nav-sub-category="Connect">Contact us <svg height="10" viewBox="0 0 9.2625 15" width="6.18" xmlns="http://www.w3.org/2000/svg"><path d="m10.7375 20.725 5.725-5.725-5.725-5.7375 1.7625-1.7625 7.5 7.5-7.5 7.5z" transform="translate(-10.7375 -7.5)"/></svg> </a> </li> </ul> </div> </div> <div class="rich-menu__col"> <div class="rich-menu__menu"> <h5>Join us</h5> <hr/> <ul> <li><a href="/careers" data-nav-type="main-nav" data-nav-category="Company" data-nav-sub-category="Join us">Careers</a></li> <li><a href="/about-tenable/diversity-and-inclusion" data-nav-type="main-nav" data-nav-category="Company" data-nav-sub-category="Join us">Diversity and inclusion</a></li> </ul> </div> </div> </div> </div> <aside class="rich-menu__aside right-padding"> <div class="rich-menu__aside-item item--company"> <img src="/themes/custom/tenable/images-new/menus/menu-featured-frost-radar.png" alt="Frost & Sullivan: Frost Radar, Vulnerability Management, 2023" /> <h5>Frost & Sullivan: Frost Radar, vulnerability management, 2023</h5> <p>Tenable is named a leading force in vulnerability management and top ranked among 13 vendors in both the Growth and Innovation indexes.</p> <a href="/analyst-research/frost-sullivan-frost-radar-vulnerability-management-2023" class="c-cta" data-nav-type="main-nav" data-nav-category="Company" data-nav-sub-category="Featured Webinar"> <span>Read the report</span> <svg height="10" viewBox="0 0 9.2625 15" width="6.18" xmlns="http://www.w3.org/2000/svg"><path d="m10.7375 20.725 5.725-5.725-5.725-5.7375 1.7625-1.7625 7.5 7.5-7.5 7.5z" transform="translate(-10.7375 -7.5)"/></svg> </a> </div> </aside> </div> </div> </header> <nav id="mob-menu" class="mob-menu" style="display: none;"> <ul> <li><span>Platform</span> <ul> <li class="mm-listitem--title"><h4>Tenable platform</h4></li> <li><a href="/products/tenable-one" data-nav-type="mobile-nav" data-nav-category="Platform" data-nav-sub-category="Tenable One Exposure Management Platform" data-nav-product="tenable_one">Explore the Platform</a></li> <li><a href="/products/tenable-one#faq" data-nav-type="mobile-nav" data-nav-category="Platform" data-nav-sub-category="Tenable One Exposure Management Platform" data-nav-product="tenable_one">FAQ</a></li> <li><a href="/products/tenable-one/evaluate" data-nav-type="mobile-nav" data-nav-category="Platform" data-nav-sub-category="Tenable One Exposure Management Platform" data-nav-product="tenable_one">Request a demo</a></li> <li><a href="/exposure-management" data-nav-type="mobile-nav" data-nav-category="Platform" data-nav-sub-category="Tenable One Exposure Management Platform" data-nav-product="tenable_one">What is Exposure Management?</a></li> <li><a href="/cloud-security" data-nav-type="mobile-nav" data-nav-category="Platform" data-nav-sub-category="Platform Categories" data-nav-product="cloud_security">Cloud Security</a></li> <li><a href="/products/vulnerability-management" data-nav-type="mobile-nav" data-nav-category="Platform" data-nav-sub-category="Platform Categories" data-nav-product="vulnerability-management">Vulnerability Management</a></li> <li><a href="/products/ot-security" data-nav-type="mobile-nav" data-nav-category="Platform" data-nav-sub-category="Platform Categories" data-nav-product="ot_security">OT/IoT Security</a></li> <li><a href="/products/identity-exposure" data-nav-type="mobile-nav" data-nav-category="Platform" data-nav-sub-category="Platform Categories" data-nav-product="identity_exposure">Identity Exposure</a></li> <li><a href="/products/tenable-one/lumin-exposure-view" data-nav-type="mobile-nav" data-nav-category="Platform" data-nav-sub-category="Products, Apps & Capabilities" data-nav-product="tenable_one">Exposure Metrics & Reporting</a></li> <li><a href="/products/tenable-one/attack-path-analysis" data-nav-type="mobile-nav" data-nav-category="Platform" data-nav-sub-category="Products, Apps & Capabilities" data-nav-product="tenable_one">Attack Path Analysis</a></li> <li><a href="/solutions/exposure-ai" data-nav-type="mobile-nav" data-nav-category="Platform" data-nav-sub-category="Products, Apps & Capabilities" data-nav-product="tenable_one">GenAI Analytics</a></li> </ul> </li> <li> <span>Products</span> <ul> <li class="mm-listitem--title"><h4>Tenable products</h4></li> <li> <a href="/products" data-nav-type="mobile-nav" data-nav-category="Products">Tenable products overview</a> </li> <li> <a href="/products/tenable-one" data-nav-type="mobile-nav" data-nav-category="Products" data-nav-product="tenable_one">Tenable One Exposure Management Platform</a> </li> <li> <span>Cloud Exposure</span> <ul> <li> <a href="/cloud-security" data-nav-type="mobile-nav" data-nav-category="Products" data-nav-sub-category="Cloud Exposure" data-nav-product="cloud_security"> Tenable Cloud Security (CNAPP) </a> </li> <li> <a href="/cloud-security/products/cloud-infrastructure-entitlement-management" data-nav-type="mobile-nav" data-nav-category="Products" data-nav-sub-category="Cloud Exposure" data-nav-product="ciem"> Tenable CIEM </a> </li> <li> <a href="/cloud-security/products/just-in-time" data-nav-type="mobile-nav" data-nav-category="Products" data-nav-sub-category="Cloud Exposure" data-nav-product="jit"> Tenable Just in Time Access (JIT) </a> </li> <li> <a href="/cloud-security/products/open-source" data-nav-type="mobile-nav" data-nav-category="Products" data-nav-sub-category="Cloud Exposure" data-nav-product="open_source"> Tenable Open Source </a> </li> </ul> </li> <li> <span>Vulnerability Exposure</span> <ul> <li> <a href="/products/vulnerability-management" data-nav-type="mobile-nav" data-nav-category="Products" data-nav-sub-category="Vulnerability Exposure" data-nav-product="vulnerability_management"> Tenable Vulnerability Management </a> </li> <li> <a href="/products/security-center" data-nav-type="mobile-nav" data-nav-category="Products" data-nav-sub-category="Vulnerability Exposure" data-nav-product="security_center"> Tenable Security Center </a> </li> <li> <a href="/products/web-app-scanning" data-nav-type="mobile-nav" data-nav-category="Products" data-nav-sub-category="Vulnerability Exposure" data-nav-product="web_app_scanning"> Tenable Web App Scanning </a> </li> <li> <a href="/products/enclave-security" data-nav-type="mobile-nav" data-nav-category="Products" data-nav-sub-category="Tenable Enclave Security" data-nav-product="tenable_enclave_security"> Tenable Enclave Security </a> </li> <li> <a href="/products/tenable-lumin" data-nav-type="mobile-nav" data-nav-category="Products" data-nav-sub-category="Vulnerability Exposure" data-nav-product="lumin"> Tenable Lumin </a> </li> <li> <a href="/products/attack-surface-management" data-nav-type="mobile-nav" data-nav-category="Products" data-nav-sub-category="Vulnerability Exposure" data-nav-product="attack_surface_management"> Tenable Attack Surface Management </a> </li> <li> <a href="/products/nessus" data-nav-type="mobile-nav" data-nav-category="Products" data-nav-sub-category="Vulnerability Exposure" data-nav-product="nessus"> Tenable Nessus </a> </li> </ul> </li> <li> <a href="/products/ot-security" data-nav-type="mobile-nav" data-nav-category="Products" data-nav-sub-category="OT/IoT Exposure" data-nav-product="ot_security"> OT/IoT Exposure </a> </li> <li> <a href="/products/identity-exposure" data-nav-type="mobile-nav" data-nav-category="Products" data-nav-sub-category="Identity Exposure" data-nav-product="identity_exposure"> Identity Exposure </a> </li> </ul> </li> <li> <span>Solutions</span> <ul> <li class="mm-listitem--title"><h4>Tenable solutions</h4></li> <li><a href="/solutions" data-nav-type="mobile-nav" data-nav-category="Solutions" data-nav-sub-category="Solutions Page">Solutions overview</a></li> <li> <span>Business needs</span> <ul> <li><a href="/solutions/active-directory" data-nav-type="mobile-nav" data-nav-category="Solutions" data-nav-sub-category="Business Needs">Active Directory</a></li> <li><a href="/solutions/compliance" data-nav-type="mobile-nav" data-nav-category="Solutions" data-nav-sub-category="Business Needs">Compliance</a></li> <li><a href="/solutions/cyber-insurance" data-nav-type="mobile-nav" data-nav-category="Solutions" data-nav-sub-category="Business Needs">Cyber insurance</a></li> <li><a href="/solutions/it-ot" data-nav-type="mobile-nav" data-nav-category="Solutions" data-nav-sub-category="Business Needs">IT / OT</a></li> <li><a href="/solutions/ransomware" data-nav-type="mobile-nav" data-nav-category="Solutions" data-nav-sub-category="Business Needs">Ransomware</a></li> <li><a href="/solutions/vulnerability-assessment" data-nav-type="mobile-nav" data-nav-category="Solutions" data-nav-sub-category="Business Needs">Vulnerability assessment</a></li> <li><a href="/solutions/vulnerability-management" data-nav-type="mobile-nav" data-nav-category="Solutions" data-nav-sub-category="Business Needs">Vulnerability management</a></li> <li><a href="/solutions/zero-trust" data-nav-type="mobile-nav" data-nav-category="Solutions" data-nav-sub-category="Business Needs">Zero trust</a></li> </ul> </li> <li> <span>Industries</span> <ul> <li><a href="/solutions/automotive-manufacturing" data-nav-type="mobile-nav" data-nav-category="Solutions" data-nav-sub-category="Industry">Automotive manufacturing</a></li> <li><a href="/solutions/energy" data-nav-type="mobile-nav" data-nav-category="Solutions" data-nav-sub-category="Industry">Energy</a></li> <li><a href="/solutions/finance" data-nav-type="mobile-nav" data-nav-category="Solutions" data-nav-sub-category="Industry">Finance</a></li> <li><a href="/solutions/healthcare" data-nav-type="mobile-nav" data-nav-category="Solutions" data-nav-sub-category="Industry">Healthcare</a></li> <li><a href="/solutions/oil-and-gas" data-nav-type="mobile-nav" data-nav-category="Solutions" data-nav-sub-category="Industry">Oil and gas</a></li> <li><a href="/solutions#Industries" data-nav-type="mobile-nav" data-nav-category="Solutions" data-nav-sub-category="Industry" class="c-cta"> More industries <svg height="10" viewBox="0 0 9.2625 15" width="6.18" xmlns="http://www.w3.org/2000/svg"><path d="m10.7375 20.725 5.725-5.725-5.725-5.7375 1.7625-1.7625 7.5 7.5-7.5 7.5z" transform="translate(-10.7375 -7.5)"></path></svg> </a></li> </ul> </li> <li> <span>Compliance</span> <ul> <li><a href="/cybersecurity-regulations" data-nav-type="mobile-nav" data-nav-category="Solutions" data-nav-sub-category="Compliance">Critical Infrastructure Regulations</a></li> <li><a href="/solutions/fisma" data-nav-type="mobile-nav" data-nav-category="Solutions" data-nav-sub-category="Compliance">FISMA</a></li> <li><a href="/solutions/hipaa-compliance" data-nav-type="mobile-nav" data-nav-category="Solutions" data-nav-sub-category="Compliance">HIPAA</a></li> <li><a href="/solutions/nerc-cip" data-nav-type="mobile-nav" data-nav-category="Solutions" data-nav-sub-category="Compliance">NERC CIP</a></li> <li><a href="/solutions/nis-directive-compliance" data-nav-type="mobile-nav" data-nav-category="Solutions" data-nav-sub-category="Compliance">NIS Directive</a></li> <li><a href="/solutions/pci-dss" data-nav-type="mobile-nav" data-nav-category="Solutions" data-nav-sub-category="Compliance">PCI</a></li> <li><a href="/solutions/security-frameworks" data-nav-type="mobile-nav" data-nav-category="Solutions" data-nav-sub-category="Compliance">Security frameworks</a></li> </ul> </li> <li> <span>Public sector</span> <ul> <li><a href="/solutions/education" data-nav-type="mobile-nav" data-nav-category="Solutions" data-nav-sub-category="Public Sector">Educational institutions</a></li> <li><a href="/solutions/sled" data-nav-type="mobile-nav" data-nav-category="Solutions" data-nav-sub-category="Public Sector">State / Local / Education</a></li> <li><a href="/solutions/government/us-fed" data-nav-type="mobile-nav" data-nav-category="Solutions" data-nav-sub-category="Public Sector">US federal</a></li> </ul> </li> <li><a href="/solutions/" data-nav-type="mobile-nav" data-nav-category="Solutions">View all solutions</a></li> </ul> </li> <li> <span>Why Tenable</span> <ul> <li class="mm-listitem--title"><h4>Why Tenable</h4></li> <li> <span>The Tenable difference</span> <ul> <li><a href="/why-tenable" data-nav-type="mobile-nav" data-nav-category="Why Tenable" data-nav-sub-category="The Tenable difference">Why choose Tenable</a></li> <li><a href="/why-tenable#awards" data-nav-type="mobile-nav" data-nav-category="Why Tenable" data-nav-sub-category="The Tenable difference">Industry recognition</a></li> <li><a href="/customers" data-nav-type="mobile-nav" data-nav-category="Why Tenable" data-nav-sub-category="The Tenable difference">Customer stories</a></li> </ul> </li> <li> <span>Compare Tenable to:</span> <ul> <li><a href="/why-tenable/tenable-vs-microsoft" data-nav-type="mobile-nav" data-nav-category="Why Tenable" data-nav-sub-category="Compare Tenable to">Microsoft Defender</a></li> <li><a href="/why-tenable/tenable-vs-palo-alto-networks" data-nav-type="mobile-nav" data-nav-category="Why Tenable" data-nav-sub-category="Compare Tenable to">Palo Alto Prisma Cloud</a></li> <li><a href="/why-tenable/tenable-vs-qualys" data-nav-type="mobile-nav" data-nav-category="Why Tenable" data-nav-sub-category="Compare Tenable to">Qualys</a></li> <li><a href="/whitepapers/security-leaders-guide-to-comparing-tenable-and-rapid7" data-nav-type="mobile-nav" data-nav-category="Why Tenable" data-nav-sub-category="Compare Tenable to">Rapid7</a></li> <li><a href="/why-tenable/tenable-vs-wiz" data-nav-type="mobile-nav" data-nav-category="Why Tenable" data-nav-sub-category="Compare Tenable to">Wiz</a></li> </ul> </li> </ul> </li> <li> <span>Resources</span> <ul> <li class="mm-listitem--title"><h4>Tenable resources</h4></li> <li> <span>Resources</span> <ul> <li><a href="/resources" data-nav-type="mobile-nav" data-nav-category="Resources" data-nav-sub-category="Resources">Resource library</a></li> <li><a href="/webinars" data-nav-type="mobile-nav" data-nav-category="Resources" data-nav-sub-category="Resources">Webinars</a></li> <li><a href="/blog" data-nav-type="mobile-nav" data-nav-category="Resources" data-nav-sub-category="Resources">Blog</a></li> <li><a href="/education" data-nav-type="mobile-nav" data-nav-category="Resources" data-nav-sub-category="Resources">Training and certification</a></li> <li><a href="/cybersecurity-guide" data-nav-type="mobile-nav" data-nav-category="Resources" data-nav-sub-category="Resources">Cybersecurity guide</a></li> <li><a href="/customers" data-nav-type="mobile-nav" data-nav-category="Resources" data-nav-sub-category="Resources">Customer stories</a></li> </ul> </li> <li> <span>Research</span> <ul> <li><a href="/research" data-nav-type="mobile-nav" data-nav-category="Resources" data-nav-sub-category="Research">Research center</a></li> <li><a href="/plugins" data-nav-type="mobile-nav" data-nav-category="Resources" data-nav-sub-category="Research">Security plugins</a></li> <li><a href="/security/research" data-nav-type="mobile-nav" data-nav-category="Resources" data-nav-sub-category="Research">Zero-Day research</a></li> <li><a href="/blog/search?field_blog_section_tid=49" data-nav-type="mobile-nav" data-nav-category="Resources" data-nav-sub-category="Research">Research blog</a></li> <li><a href="https://community.tenable.com/s/" data-nav-type="mobile-nav" data-nav-category="Resources" data-nav-sub-category="Research">Research community</a></li> </ul> </li> </ul> </li> <li> <span>Partners</span> <ul> <li class="mm-listitem--title"><h4>Tenable partners</h4></li> <li> <span>Find a partner</span> <ul> <li><a href="/partner-locator/resellers" data-nav-type="mobile-nav" data-nav-category="Partners" data-nav-sub-category="Find a Partner">Search resellers</a></li> <li><a href="/partner-locator/distributors" data-nav-type="mobile-nav" data-nav-category="Partners" data-nav-sub-category="Find a Partner"> Search distributors</a></li> <li><a href="/partner-locator/mssp" data-nav-type="mobile-nav" data-nav-category="Partners" data-nav-sub-category="Find a Partner">Search MSSP</a></li> </ul> </li> <li> <span>Tenable Assure partners</span> <ul> <li><a href="/partners" data-nav-type="mobile-nav" data-nav-category="Partners" data-nav-sub-category="Tenable Assure Partners">Overview</a></li> <li><a href="/partners/channel-partner-program" data-nav-type="mobile-nav" data-nav-category="Partners" data-nav-sub-category="Tenable Assure Partners">Channel partner program</a></li> <li><a href="/partners/mssp-partner-program" data-nav-type="mobile-nav" data-nav-category="Partners" data-nav-sub-category="Tenable Assure Partners">MSSP partner program</a></li> <li><a href="/partners/assure-program-application" data-nav-type="mobile-nav" data-nav-category="Partners" data-nav-sub-category="Tenable Assure Partners">Partner application</a></li> <li> <a href="https://partners.tenable.com/#/page/partner-login" class="rm__blue-cta" target="_blank" rel="noopener noreferrer" style="padding-right: 10px;" data-nav-type="mobile-nav" data-nav-category="Partners" data-nav-sub-category="Tenable Assure Partners">Partner portal <svg width="12" height="12" viewBox="0 0 12 12" fill="none" xmlns="http://www.w3.org/2000/svg" style="margin: 0 0 -1px 4px;"> <path d="M11.5 6H0.5" stroke="#0079DD" stroke-linecap="round" stroke-linejoin="round"/> <path d="M7.5 2L11.5 6L7.5 10" stroke="#0079DD" stroke-linecap="round" stroke-linejoin="round"/> </svg> </a> </li> </ul> </li> <li> <span>Other partner opportunities</span> <ul> <li><a href="/partners/technology" data-nav-type="mobile-nav" data-nav-category="Partners" data-nav-sub-category="Other partner opportunities">Technology ecosystem</a></li> <li><a href="/partners/research" data-nav-type="mobile-nav" data-nav-category="Partners" data-nav-sub-category="Other partner opportunities">Research alliance program</a></li> <li><a href="https://tenable.partnerstack.com/" target="_blank" data-nav-type="mobile-nav" data-nav-category="Partners" data-nav-sub-category="Other partner opportunities">Tenable performance marketing program</a></li> </ul> </li> </ul> </li> <li> <span>Support</span> <ul> <li class="mm-listitem--title"><h4>Tenable support</h4></li> <li> <span>Support</span> <ul> <li><a href="/support" data-nav-type="mobile-nav" data-nav-category="Support-main" data-nav-sub-category="Support-sub">Technical support</a></li> <li><a href="https://community.tenable.com/s/" data-nav-type="mobile-nav" data-nav-category="Support-main" data-nav-sub-category="Support-sub">Tenable community</a></li> <li><a href="https://docs.tenable.com/" data-nav-type="mobile-nav" data-nav-category="Support-main" data-nav-sub-category="Support-sub">Documentation</a></li> </ul> </li> <li> <span>Services</span> <ul> <li><a href="/services" data-nav-type="mobile-nav" data-nav-category="Support-main" data-nav-sub-category="Services">Professional services</a></li> <li><a href="/education" data-nav-type="mobile-nav" data-nav-category="Support-main" data-nav-sub-category="Services">Training and certification</a></li> <li><a href="/buy/certification" class="rm__blue-cta" style="margin-top: 0;" data-nav-type="mobile-nav" data-nav-category="Support-main" data-nav-sub-category="Services">Buy certification <svg width="12" height="12" viewBox="0 0 12 12" fill="none" xmlns="http://www.w3.org/2000/svg" style="margin: 0 0 -1px 4px;"> <path d="M11.5 6H0.5" stroke="#0079DD" stroke-linecap="round" stroke-linejoin="round"/> <path d="M7.5 2L11.5 6L7.5 10" stroke="#0079DD" stroke-linecap="round" stroke-linejoin="round"/> </svg> </a></li> </ul> </li> <li> <span>Tenable trust</span> <ul> <li><a href="https://status.tenable.com/" rel="noopener noreferrer" target="_blank" data-nav-type="mobile-nav" data-nav-category="Support-main" data-nav-sub-category="Tenable Trust">System status</a></li> <li><a href="/trust/assurance" data-nav-type="mobile-nav" data-nav-category="Support-main" data-nav-sub-category="Tenable Trust">Security and compliance</a></li> <li><a href="/gdpr-alignment" data-nav-type="mobile-nav" data-nav-category="Support-main" data-nav-sub-category="Tenable Trust">Data protection</a></li> </ul> </li> </ul> </li> <li> <span>Company</span> <ul> <li class="mm-listitem--title"><h4>About Tenable</h4></li> <li> <span>About us</span> <ul> <li><a href="/about-tenable/about-us" data-nav-type="mobile-nav" data-nav-category="Company" data-nav-sub-category="About us">About Tenable</a></li> <li><a href="/about-tenable/leadership" data-nav-type="mobile-nav" data-nav-category="Company" data-nav-sub-category="About us">Leadership</a></li> <li><a href="https://investors.tenable.com/" rel="noopener noreferrer" target="_blank" data-nav-type="mobile-nav" data-nav-category="Company" data-nav-sub-category="About us">Investor relations</a></li> <li><a href="/tenable-ventures" data-nav-type="mobile-nav" data-nav-category="Company" data-nav-sub-category="About us">Tenable ventures</a></li> <li><a href="/why-tenable" data-nav-type="mobile-nav" data-nav-category="Company" data-nav-sub-category="Why Tenable">Why choose Tenable</a></li> <li><a href="/why-tenable#awards" data-nav-type="mobile-nav" data-nav-category="Company" data-nav-sub-category="Why Tenable">Awards and recognition</a></li> <li><a href="/customers" data-nav-type="mobile-nav" data-nav-category="Company" data-nav-sub-category="Why Tenable">Customer stories</a></li> </ul> </li> <li> <span>Media</span> <ul> <li><a href="/media#press-releases" data-nav-type="mobile-nav" data-nav-category="Company" data-nav-sub-category="Media">Press releases</a></li> <li><a href="https://investors.tenable.com/news-releases" rel="noopener noreferrer" target="_blank" data-nav-type="mobile-nav" data-nav-category="Company" data-nav-sub-category="Media">Financial news releases</a></li> <li><a href="/media#news" data-nav-type="mobile-nav" data-nav-category="Company" data-nav-sub-category="Media">News</a></li> <li><a href="/media#kit" data-nav-type="mobile-nav" data-nav-category="Company" data-nav-sub-category="Media">Media kit</a></li> </ul> </li> <li> <span>Connect</span> <ul> <li><a href="/about-tenable/contact-tenable" data-nav-type="mobile-nav" data-nav-category="Company" data-nav-sub-category="Connect">Contact us</a></li> <li><a href="/try" data-nav-type="mobile-nav" data-nav-category="Company" data-nav-sub-category="Connect">Try our products</a></li> <li><a href="/events" data-nav-type="mobile-nav" data-nav-category="Company" data-nav-sub-category="Connect">Events</a></li> <li><a href="https://community.tenable.com/s/" rel="noopener noreferrer" target="_blank" data-nav-type="mobile-nav" data-nav-category="Company" data-nav-sub-category="Connect">Tenable community</a></li> <li><a href=" https://info.tenable.com/blog-subscription-page.html" rel="noopener noreferrer" target="_blank" data-nav-type="mobile-nav" data-nav-category="Company" data-nav-sub-category="Connect">Subscribe to the blog</a></li> </ul> </li> <li> <span>Join us</span> <ul> <li><a href="/careers" data-nav-type="mobile-nav" data-nav-category="Company" data-nav-sub-category="Join us">Careers</a></li> <li><a href="/about-tenable/diversity-and-inclusion" data-nav-type="mobile-nav" data-nav-category="Company" data-nav-sub-category="Join us">Diversity and inclusion</a></li> </ul> </li> </ul> </li> <li class="mm-listitem--language"> <span>Language</span> <ul> <li><a class="__ptNoRemap" href="https://www.tenable.com?tns_languageOverride=true" data-nav-type="micro-nav" data-nav-category="Language">English</a></li> <li><a href="https://de.tenable.com?tns_languageOverride=true" hreflang="de" data-nav-type="micro-nav" data-nav-category="Language">Deutsch</a></li> <li><a href="https://fr.tenable.com?tns_languageOverride=true" hreflang="fr" data-nav-type="micro-nav" data-nav-category="Language">Français (France)</a></li> <li><a href="https://es-la.tenable.com?tns_languageOverride=true" hreflang="es" data-nav-type="micro-nav" data-nav-category="Language">Español (América Latina)</a></li> <li><a href="https://pt-br.tenable.com?tns_languageOverride=true" hreflang="pt-br" data-nav-type="micro-nav" data-nav-category="Language">Português (Brasil)</a></li> <li><a href="https://it.tenable.com?tns_languageOverride=true" hreflang="it" data-nav-type="micro-nav" data-nav-category="Language">Italiano</a></li> <li><a href="https://www.tenablecloud.cn?tns_languageOverride=true" hreflang="zh-cn" data-nav-type="micro-nav" data-nav-category="Language">简体中文</a></li> <li><a href="https://zh-tw.tenable.com?tns_languageOverride=true" hreflang="zh-tw" data-nav-type="micro-nav" data-nav-category="Language">繁體中文</a></li> <li><a href="https://jp.tenable.com?tns_languageOverride=true" hreflang="ja" data-nav-type="micro-nav" data-nav-category="Language">日本語</a></li> <li><a href="https://kr.tenable.com?tns_languageOverride=true" hreflang="ko" data-nav-type="micro-nav" data-nav-category="Language">한국어</a></li> <li><a href="https://ar.tenable.com?tns_languageOverride=true" hreflang="ar" data-nav-type="micro-nav" data-nav-category="Language">العربية</a></li> </ul> </li> </ul> </nav> <section> <div id="block-tenable-content" class="block block-system block-system-main-block"> <div class="content"> <article id="node-120189"> <div class="title row"> <div class="container"> <h1 class="giga hmb"> <span>[R2] Pivotal Spring Framework HttpInvokerServiceExporter readRemoteInvocation Method Untrusted Java Deserialization</span> </h1> <span class="lozenge critical">Critical</span> </div> </div> <div class="row relative"> <div class="container"> <div class="twothirds"> <div class="back small"><a href="/security/research">← View More Research Advisories</a></div> <div class="widget-container"> <h3 class="widget-header">Synopsis</h3> <div class="widget-content"> <div><p>Current installations of Pivotal's Spring Framework suffer from a potential remote code execution (RCE) issue. Depending on how the library is implemented within a product, it may or may not manifest, and authentication may be required. We have confirmed that current integration in commercial vendor products are affected, so this is not academic. The following write-up is based on how one vendor implemented the Spring Framework and became vulnerable, but illustrates how many other products and vendors could be impacted as well.</p> <p>What Is HttpInvokerServiceExporter?</p> <p>The Spring Framework <a href="http://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/remoting/httpinvoker/HttpInvokerServiceExporter.html" target="_blank">Javadoc describes</a> <code>HttpInvokerServiceExporter</code> as a “<em>Servlet-API-based HTTP request handler that exports the specified service bean as HTTP invoker service endpoint, accessible via an HTTP invoker proxy.</em>” To the layperson, this essentially means that a client can execute specific methods exposed by the creator of the server application. This functionality is very similar to RMI. In fact, the JavaDoc further describes <code>HttpInvokerServiceExporter</code> in terms of RMI: “<em>Deserializes remote invocation objects and serializes remote invocation result objects. Uses Java serialization just like RMI, but provides the same ease of setup as Caucho's HTTP-based Hessian and Burlap protocols.</em>”</p> <p>This Feels Oddly Familiar…</p> <p>Good, because it should. In 2011, Wouter Coekaerts achieved remote code execution by deserializing proxies through this endpoint. This was assigned <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2894" target="_blank">CVE-2011-2894</a> and was fixed by Pivotal by adding a flag to <code>RemoteInvocationSerializingExporter</code> indicating if proxy classes can be deserialized and restricting how <code>DefaultListableBeanFactory</code> could be deserialized. Wouter also did a <a href="http://www.securityfocus.com/archive/1/archive/1/519593/100/0/threaded" target="_blank">very nice write-up</a> on this vulnerability and, in 2013, Alvaro Muñoz <a href="http://www.pwntester.com/blog/2013/12/16/cve-2011-2894-deserialization-spring-rce/" target="_blank">published a working exploit</a>.</p> <p>Still Deserializing All The Things</p> <p>During recent plugin development, it led Tenable to dig around a commercial product that integrates the Spring Framework. It was found to have an HTTP interface that used <code>HTTPInvokerServiceExporter</code>. Not knowing much about this class, we did what any good researcher would do; throw a GET request to the interface like a champ. Oddly enough, it produced a spinner and then an error message. Checking the server log:</p> <p><code> java.io.EOFException<br> at java.io.ObjectInputStream$PeekInputStream.readFully(ObjectInputStream.java:2328)<br> at java.io.ObjectInputStream$BlockDataInputStream.readShort(ObjectInputStream.java:2797)<br> at java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:802)<br> at java.io.ObjectInputStream.<init>(ObjectInputStream.java:299)<br> at org.springframework.core.ConfigurableObjectInputStream.<init>(ConfigurableObjectInputStream.java:64)<br> at org.springframework.remoting.rmi.CodebaseAwareObjectInputStream.<init>(CodebaseAwareObjectInputStream.java:97)<br> at org.springframework.remoting.rmi.RemoteInvocationSerializingExporter.createObjectInputStream(RemoteInvocationSerializingExporter.java:123)<br> at org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter.readRemoteInvocation(HttpInvokerServiceExporter.java:115)<br> at org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter.readRemoteInvocation(HttpInvokerServiceExporter.java:96)<br> at org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter.handleRequest(HttpInvokerServiceExporter.java:73)<br> at org.springframework.web.servlet.mvc.HttpRequestHandlerAdapter.handle(HttpRequestHandlerAdapter.java:51)</init></init></init></code></p> <p>For those that don’t stare at Java cruft for a good part of their day, this call stack tells us that <code>HttpInvokerServiceExporter</code> is trying to create an <code>ObjectInputStream</code>. Now, the application being examined is using Spring 4.1.4 but we’ll quote directly from 'master' on GitHub (8213df817e1a0f595e6aa55fecb7a5d5777f8236) for easier copy/paste access and because the code hasn’t really changed. The following method is <code>HttpInvokerServiceExporter’s</code> handleRequest:</p> <p><code> @Override<br> public void handleRequest(HttpServletRequest request, HttpServletResponse response)<br> throws ServletException, IOException {<br> try<br> { RemoteInvocation invocation = readRemoteInvocation(request); RemoteInvocationResult result = invokeAndCreateResult(invocation, getProxy()); writeRemoteInvocationResult(request, response, result); }<br> catch (ClassNotFoundException ex)<br> { throw new NestedServletException("Class not found during deserialization", ex); }<br> }</code></p> <p>This function is the entry point into <code>HttpInvokerServiceExport</code>. From the stacktrace, we know that we need to follow the HTTP request down into the <code>readRemoteInvocation</code> method. Which looks like this:</p> <p><code> protected RemoteInvocation readRemoteInvocation(HttpServletRequest request)<br> throws IOException, ClassNotFoundException<br> { return readRemoteInvocation(request, request.getInputStream()); }<br> Next, we have to follow the HTTP request and its payload (that is what getInputStream() is exposing) to readRemoteInvocation():<br> protected RemoteInvocation readRemoteInvocation(HttpServletRequest request, InputStream is)<br> throws IOException, ClassNotFoundException {<br> ObjectInputStream ois = createObjectInputStream(decorateInputStream(request, is));<br> try<br> { return doReadRemoteInvocation(ois); }<br> finally<br> { ois.close(); }<br> }</code></p> <p>Notice that the HTTP request’s payload just got converted into an <code>ObjectInputStream</code> and passed to <code>doReadRemoteInvocation</code>. The $1,000 question Alex, is what does <code>doReadRemoteInvocation</code> do with the <code>ObjectInputStream</code>? Looking at more code:</p> <p><code> protected RemoteInvocation doReadRemoteInvocation(ObjectInputStream ois)<br> throws IOException, ClassNotFoundException {<br> Object obj = ois.readObject();<br> if (!(obj instanceof RemoteInvocation))<br> { throw new RemoteException("Deserialized object needs to be assignable to type [" + RemoteInvocation.class.getName() + "]: " + obj); }<br> return (RemoteInvocation) obj;<br> }</code></p> <p>And we find classic untrusted deserialization. But there is hope! Perhaps their <code>ObjectInputStream</code> uses <a href="https://www.ibm.com/developerworks/library/se-lookahead/" target="_black">IBM’s look ahead method</a>. Peeking into the <code>createObjectInputStream()</code> function we saw in <code>readRemotInvocation</code> we discover that the type of <code>ObjectInputStream</code> created is Spring Framework’s <code>CodeAwareObjectInputStream</code>: <a href="https://github.com/spring-projects/spring-framework/blob/183594207fbb447e1b59262b4469f2aefbb8a3ec/spring-context/src/main/java/org/springframework/remoting/rmi/CodebaseAwareObjectInputStream.java" target="_blank">https://github.com/spring-projects/spring-framework/blob/183594207fbb447e1b59262b4469f2aefbb8a3ec/spring-context/src/main/java/org/springframework/remoting/rmi/CodebaseAwareObjectInputStream.java</a></p> <p>Does it implement the look ahead technique? Unfortunately, no it does not. #SadPanda</p> <p>Is that significant? Yes, as long as the appropriate libraries are included in the product we can exploit this endpoint using an HTTP POST request with a ysoserial gadget (or other unpublished gadgets) in the payload.</p> <p>About Authentication</p> <p>In the product we were examining, the above leads to unauthenticated remote code execution. While Spring does offer Spring Security which would require authentication before reaching this endpoint (as noted <a href="https://stackoverflow.com/questions/33655162/spring-httpinvoker-vulnerable-to-recent-deserialization-exploit-before-authentic" target="_blank">on Stack Overflow</a>), it does not protect an application for authenticated RCE. It also won’t protect those who chose not to use Spring Security as the product being examined did. But, that is for another advisory.</p> <p>Furthermore, we couldn't find any type of warning in the Javadoc or elsewhere about the possible dangers of exposing <code>HttpInvokerServiceExporter</code> to client requests. Based on a lack of documentation and warning, we feel that this arbitrary deserialization of all objects it not a feature, but an oversight.</p></div> </div> </div> <div class="widget-container"> <h3 class="widget-header">Solution</h3> <div class="widget-content"> <p>Pivotal replied to our report, saying:</p> <p><em>A look-ahead check initially sounds worthwhile for this particular case where we only intend to deserialize an instance of the <code>RemoteInvocation</code> class... However, <code>RemoteInvocation</code> may contain any argument values in its nested arguments array, so we wouldn't be gaining anything in practice.<br> ...<br> Our general advice applies: Do not use Java serialization for external endpoints, in particular not for unauthorized ones. HTTP invoker is not a well-kept secret (or an "oversight") but rather the typical case of how a Spring application would expose serialization endpoints to begin with... he has a point that we should make this case all across our documentation, including the javadoc. But I don't really see a CVE case here, just a documentation improvement.</em></p> <p>Pivoltal will enhance their documentation for the 4.2.6 and 3.2.17 releases.</p> </div> </div> <div class="widget-container"> <h3 class="widget-header">Additional References</h3> <div class="widget-content"> <a href="https://projects.spring.io/spring-framework/">https://projects.spring.io/spring-framework/</a><br> <a href="https://cwe.mitre.org/data/definitions/502.html">https://cwe.mitre.org/data/definitions/502.html</a><br> <a href="https://github.com/distributedweaknessfiling/DWF-Database/commit/28116027df99948cdf560deef50987462246367b">https://github.com/distributedweaknessfiling/DWF-Database/commit/28116027df99948cdf560deef50987462246367b</a><br> </div> </div> <div class="widget-container"> <h3 class="widget-header">Disclosure Timeline</h3> <div class="widget-content"> <div> <div>2016-04-06 - Issue discovered </div> <div>2016-04-08 - Submitted to ZDI for consideration, case bainesjr0006 opened </div> <div>2016-04-11 - ZDI declines offer</div> <div>2016-04-13 - Tenable contacts <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="690a1c1a1d06040c1b441a0c1b1f000a0c2919001f061d0805470006">[email protected]</a> for vuln reporting procedure </div> <div>2016-04-26 - Tenable contacts <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="debdabadaab1b3bbacf3adbbaca8b7bdbb9eaeb7a8b1aabfb2f0b7b1">[email protected]</a> again </div> <div>2016-04-26 - Automated reply, #26222 opened </div> <div>2016-04-26 - Pivotal replies, looking for best contact, will get back to us </div> <div>2016-04-26 - Pivotal replies, use <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="0576606670776c717c45756c736a7164692b6c6a">[email protected]</a> for vuln reporting</div> <div>2016-04-26 - Tenable sends details to <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="2e5d4b4d5b5c475a576e5e4758415a4f42004741">[email protected]</a> </div> <div>2016-04-27 - Pivotal acks mail, passed it to Spring team</div> <div>2016-05-04 - Confirms issue, working as intended, will enhance documentation for 4.2.6 / 3.2.17 releases</div> </div> </div> </div> <div class="small mt2"> <p><em>All information within TRA advisories is provided “as is”, without warranty of any kind, including the implied warranties of merchantability and fitness for a particular purpose, and with no guarantee of completeness, accuracy, or timeliness. Individuals and organizations are responsible for assessing the impact of any actual or potential security vulnerability.</em></p> <p><em>Tenable takes product security very seriously. If you believe you have found a vulnerability in one of our products, we ask that you please work with us to quickly resolve it in order to protect customers. Tenable believes in responding quickly to such reports, maintaining communication with researchers, and providing a solution in short order.</em></p> <p><em>For more details on submitting vulnerability information, please see our <a href="/security/report">Vulnerability Reporting Guidelines</a> page.</em></p> <p><em>If you have questions or corrections about this advisory, please email <a href="/cdn-cgi/l/email-protection#88eafdefe0fde6fcedfafbc8fcede6e9eae4eda6ebe7e5"><span class="__cf_email__" data-cfemail="a8caddcfc0ddc6dccddadbe8dccdc6c9cac4cd86cbc7c5">[email protected]</span></a></em></p> </div> </div> <div class="onethird last"> <h3 class="widget-header">Risk Information</h3> <div> <strong>CVE ID: </strong> <a class="__ptNoRemap" href="https://www.tenable.com/cve/CVE-2016-1000027">CVE-2016-1000027</a><br> </div> <div> <strong>Tenable Advisory ID: </strong> TRA-2016-20 </div> <div> <strong>Credit: </strong> <br> Jacob Baines, Tenable Network Security </div> <div> <strong>CVSSv2 Base / Temporal Score: </strong> <br> 10.0 / 8.1 </div> <div> <strong>CVSSv2 Vector: </strong> <br> (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:W/RC:C) </div> <div> <strong>Affected Products:</strong> <br> Pivotal Spring Framework 4.1.4 </div> <div> <strong>Risk Factor: </strong> <br> Critical </div> <div> <strong>Additional Keywords: </strong> <br> Sproing! </div> <div class="widget-container"> <h3 class="widget-header">Advisory Timeline</h3> <div class="widget-content"> <div> <div>2016-07-08 - [R1] Initial Release</div> <div>2016-07-18 - [R2] Added CVE</div> </div> </div> </div> </div> </div> </div> </div> </div> </section>  <footer id="site-footer" class="site-footer u-bg--brand u-pt--xl u-pb--xxl u-x-breakout"> <div class="l-container"> <div class="site-footer__top"> <div class="l-grid l-grid-cols u-pb--sm"> <div class="l-grid-col-span--16"> <a href="/" class="site-footer__logo"><img src="https://static.tenable.com/press/logos/TenableLogo_White_RGB.svg" alt="Tenable logo" width="187"/></a> </div> </div> </div> <hr class="hr--on-dark"> <div class="site-footer__main l-grid l-grid-cols u-pt--sm u-pb--md u-text-reverse"> <div class="l-grid-col-span--4"> <h3 class="h5 u-mb--xs">Featured products</h3> <ul class="site-footer-menu featured-products"> <li><a href="/products/tenable-one" data-nav-type="footer-nav" data-nav-category="Featured Products" data-nav-product="tenable_one">Tenable One Exposure Management Platform</a></li> <li><a href="/cloud-security" data-nav-type="footer-nav" data-nav-category="Featured Products" data-nav-product="cloud_security">Tenable Cloud Security</a></li> <li><a href="/cloud-security/products/cloud-infrastructure-entitlement-management" data-nav-type="footer-nav" data-nav-category="Featured Products" data-nav-product="ciem">Tenable CIEM</a></li> <li><a href="/products/vulnerability-management" data-nav-type="footer-nav" data-nav-category="Featured Products" data-nav-product="vulnerability-management">Tenable Vulnerability Management</a></li> <li><a href="/products/web-app-scanning" data-nav-type="footer-nav" data-nav-category="Featured Products" data-nav-product="web_app_scanning">Tenable Web App Scanning</a></li> <li><a href="/products/enclave-security" data-nav-type="footer-nav" data-nav-category="Featured Products" data-nav-product="tenable_enclave_security">Tenable Enclave Security</a></li> <li><a href="/products/attack-surface-management" data-nav-type="footer-nav" data-nav-category="Featured Products" data-nav-product="attack_surface_management">Tenable Attack Surface Management</a></li> <li><a href="/products/identity-exposure" data-nav-type="footer-nav" data-nav-category="Featured Products" data-nav-product="identity_exposure">Tenable Identity Exposure</a></li> <li><a href="/products/ot-security" data-nav-type="footer-nav" data-nav-category="Featured Products" data-nav-product="ot_security">Tenable OT Security</a></li> <li><a href="/products/security-center" data-nav-type="footer-nav" data-nav-category="Featured Products" data-nav-product="security_center">Tenable Security Center</a></li> <li><a href="/products/tenable-lumin" data-nav-type="footer-nav" data-nav-category="Featured Products" data-nav-product="lumin">Tenable Lumin</a></li> <li><a href="/products/nessus" data-nav-type="footer-nav" data-nav-category="Featured Products" data-nav-product="nessus">Tenable Nessus</a></li> <li class="u-mt--xs"> <a href="/products" class="c-cta--on-dark c-cta--on-dark c-cta--accent" data-nav-type="footer-nav" data-nav-category="Featured Products"> <span>View all</span> <svg height="10" viewBox="0 0 9.2625 15" width="6.18" xmlns="http://www.w3.org/2000/svg"><path d="m10.7375 20.725 5.725-5.725-5.725-5.7375 1.7625-1.7625 7.5 7.5-7.5 7.5z" transform="translate(-10.7375 -7.5)"/></svg> </a> </li> </ul> </div> <div class="l-grid-col-span--4"> <h3 class="h5 u-mb--xs">Featured solutions</h3> <ul class="site-footer-menu site-footer-menu--solutions"> <li><a href="/solutions/active-directory" data-nav-type="footer-nav" data-nav-category="Featured Solutions">Active Directory</a></li> <li><a href="/solutions/building-management-systems" data-nav-type="footer-nav" data-nav-category="Featured Solutions">Building management systems</a></li> <li><a href="/cloud-security/solutions/cspm" data-nav-type="footer-nav" data-nav-category="Featured Solutions">Cloud security posture management</a></li> <li><a href="/solutions/compliance" data-nav-type="footer-nav" data-nav-category="Featured Solutions">Compliance</a></li> <li><a href="/exposure-management" data-nav-type="footer-nav" data-nav-category="Featured Solutions">Exposure management</a></li> <li><a href="/solutions/finance" data-nav-type="footer-nav" data-nav-category="Featured Solutions">Finance</a></li> <li><a href="/solutions/general-manufacturing" data-nav-type="footer-nav" data-nav-category="Featured Solutions">General manufacturing</a></li> <li><a href="/solutions/exposure-ai" data-nav-type="footer-nav" data-nav-category="Featured Solutions">Generative AI</a></li> <li><a href="/solutions/healthcare" data-nav-type="footer-nav" data-nav-category="Featured Solutions">Healthcare</a></li> <li><a href="/cloud-security/solutions/hybrid-cloud" data-nav-type="footer-nav" data-nav-category="Featured Solutions">Hybrid cloud security</a></li> <li><a href="/solutions/it-ot" data-nav-type="footer-nav" data-nav-category="Featured Solutions">IT/OT</a></li> <li><a href="/solutions/ransomware" data-nav-type="footer-nav" data-nav-category="Featured Solutions">Ransomware</a></li> <li><a href="/solutions/sled" data-nav-type="footer-nav" data-nav-category="Featured Solutions">State / Local / Education</a></li> <li><a href="/solutions/government/us-fed" data-nav-type="footer-nav" data-nav-category="Featured Solutions">US federal</a></li> <li><a href="/solutions/vulnerability-management" data-nav-type="footer-nav" data-nav-category="Featured Solutions">Vulnerability management</a></li> <li><a href="/solutions/zero-trust" data-nav-type="footer-nav" data-nav-category="Featured Solutions">Zero trust</a></li> <li class="u-mt--xs"> <a href="/solutions" class="c-cta--on-dark c-cta--on-dark c-cta--accent" data-nav-type="footer-nav" data-nav-category="Featured Solutions"> <span>View all</span> <svg height="10" viewBox="0 0 9.2625 15" width="6.18" xmlns="http://www.w3.org/2000/svg"><path d="m10.7375 20.725 5.725-5.725-5.725-5.7375 1.7625-1.7625 7.5 7.5-7.5 7.5z" transform="translate(-10.7375 -7.5)"/></svg> </a> </li> </ul> </div> <div class="l-grid-col-span--4"> <h3 class="h5 u-mb--xs">Customer resources</h3> <ul class="site-footer-menu site-footer-menu--resources"> <li><a href="/resources" data-nav-type="footer-nav" data-nav-category="Customer Resources">Resource library</a></li> <li><a href="https://community.tenable.com/login" target="_blank" rel="noopener noreferrer" data-nav-type="footer-nav" data-nav-category="Customer Resources">Community & support</a></li> <li><a href="/education" data-nav-type="footer-nav" data-nav-category="Customer Resources">Customer education</a></li> <li><a href="/research" data-nav-type="footer-nav" data-nav-category="Customer Resources">Tenable Research</a></li> <li><a href="https://docs.tenable.com/" target="_blank" rel="noopener noreferrer" data-nav-type="footer-nav" data-nav-category="Customer Resources">Documentation</a></li> <li><a href="/nessus/resource-center" data-nav-type="footer-nav" data-nav-category="Customer Resources">Nessus resource center</a></li> <li><a href="/cybersecurity-guide" data-nav-type="footer-nav" data-nav-category="Customer Resources">Cybersecurity guide</a></li> <li><a href="/why-tenable" target="_blank" rel="noopener noreferrer" data-nav-type="footer-nav" data-nav-category="Customer Resources">Why Tenable</a></li> <li><a href="/trust" data-nav-type="footer-nav" data-nav-category="Customer Resources">Trust</a></li> <li><a href="https://status.tenable.com/" target="_blank" rel="noopener noreferrer" data-nav-type="footer-nav" data-nav-category="Customer Resources">System status</a></li> </ul> </div> <div class="l-grid-col-span--4"> <h3 class="h5 u-mb--xs">Connections</h3> <ul class="site-footer-menu site-footer-menu--connections"> <li><a href="/blog" data-nav-type="footer-nav" data-nav-category="Connections">Blog</a></li> <li><a href="/about-tenable/contact-tenable" data-nav-type="footer-nav" data-nav-category="Connections">Contact us</a></li> <li><a href="/careers" data-nav-type="footer-nav" data-nav-category="Connections">Careers</a></li> <li><a href="https://investors.tenable.com" target="_blank" rel="noopener noreferrer" data-nav-type="footer-nav" data-nav-category="Connections">Investors</a></li> <li><a href="/tenable-ventures" data-nav-type="footer-nav" data-nav-category="Connections">Tenable Ventures</a></li> <li><a href="/events" data-nav-type="footer-nav" data-nav-category="Connections">Events</a></li> <li><a href="/media" data-nav-type="footer-nav" data-nav-category="Connections">Media</a></li> </ul> </div> </div> <hr class="hr--on-dark"> <div class="site-footer__bottom l-grid l-grid-cols u-flex u-pt--xs u-text-reverse"> <div class=""> <ul class="site-footer-menu site-footer-menu--inline u-flex u-flex-top"> <li><a href="/privacy-policy">Privacy policy</a></li> <li><a href="/privacy-policy/#california-rights"> Do not sell/share my personal information</a></li> <li><a href="/legal">Legal</a></li> <li><a id="last-info-link" href="/section-508-voluntary-product-accessibility">508 compliance</a></li> </ul> <p> <span>© 2024 Tenable®, Inc. All rights reserved</span> </p> </div> <div class="site-footer-social u-text-reverse"> <div class="site-footer-social__menu u-flex"> <a href="https://www.linkedin.com/company/tenableinc/" target="_blank" rel="noopener noreferrer"><img src="https://static.tenable.com/marketing/icons/social/PNG/footer-icon-linkedin-white.png" alt="Linkedin"/></a> <a href="https://twitter.com/tenablesecurity" target="_blank" rel="noopener noreferrer"><img src="https://static.tenable.com/marketing/icons/social/PNG/footer-icon-twitter-white.png" alt="Twitter"/></a> <a href="https://www.youtube.com/channel/UCX_67IPEhqyYF9ppVRAcAwQ" target="_blank" rel="noopener noreferrer"><img src="https://static.tenable.com/marketing/icons/social/PNG/footer-icon-youtube-white.png" alt="Youtube"/></a> <a href="https://www.instagram.com/tenableofficial/" target="_blank" rel="noopener noreferrer"><img src="https://static.tenable.com/marketing/icons/social/PNG/instagram-no-circle-white.png" alt="Instagram" /></a> <a href="https://www.facebook.com/Tenable.Inc" target="_blank" rel="noopener noreferrer"><img src="https://static.tenable.com/marketing/icons/social/PNG/footer-icon-facebook-white.png" alt="Facebook"/></a> </div> </div> </div> </div> </footer> <div class="try-buy-modal try-buy-modal--24 tenableio tenableio-vm mfp-hide js-tab-wrap modal--vulnerability-exposure u-p--md" id="tenableio"> <div class="try-buy-modal__nav"> <a class="js-tab tab-01 js-active try-tab">Try for free</a> <a class="js-tab tab-02 buy-tab">Buy now</a> </div> <div class="try-buy-modal__content try js-tab-content js-active content-01"> <div class="aligncenter"> <h3>Tenable Vulnerability Management</h3> <p>Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.</p> <p class="io-includes">Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.</p> </div> <div class="try-buy-modal__form try eval-form-box aligncenter nessus-multipart-modal" id="t-eval-tio-vm" data-product="vm" data-floating-label="true" data-field-error="true"> </div> </div> <div class="try-buy-modal__content buy js-tab-content content-02"> <div class="aligncenter"> <h3>Tenable Vulnerability Management</h3> <p class="textcenter">Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. <strong>Purchase your annual subscription today.</strong></p> <div class="try-buy-modal__form buy textcenter tio-vm-buy-now white pad-t-1"> <div class="textcenter try-buy-modal__slider"> <button class="btn btn-link tio-vm-minus-one minus-one invisible">-</button> <span class="tio-vm-assets-value assets-value">100</span> assets <button class="btn btn-link tio-vm-plus-one plus-one">+</button> </div> <input type="range" class="tio-vm-assets" min="100" max="251" value="100"> <div class="indicators"></div> <p class="textcenter">Choose your subscription option:</p> <form class="tio-vm-pricing mt"> <div class="clearfix"> <div class="col-sm-4"> <input class="tio-option" id="tio-one-year" type="radio" name="tio-price" value="tenableio"> <label for="tio-one-year"> 1 Year<br><strong class="tio-vm-price">$3,500</strong> </label> </div> <div class="col-sm-4"> <input class="tio-option" id="tio-two-years" type="radio" name="tio-price" value="tiotwoyear" checked=""> <label for="tio-two-years"> 2 Years<br><strong class="tio-vm-price-two-years">$6,825</strong> </label> </div> <div class="col-sm-4"> <input class="tio-option" id="tio-three-years" type="radio" name="tio-price" value="tiothreeyear"> <label for="tio-three-years"> 3 Years<br><strong class="tio-vm-price-three-years">$9,975</strong> </label> </div> </div> <a class="btn btn-2017 btn-2017--orange btn-2017--large tio-vm-buy-btn mt mb2" target="_blank" rel="noreferrer noopener" data-promotion="webmodal-io" data-source="Modal" href="https://store.tenable.com/1479/purl-tiotwoyear?quantity=100&x-promotion=webmodal-io&x-Source=Modal">Buy Now</a> </form> <div class="c-form c-form--hanging-label c-form__marketo--try-buy-modal js-form-hanging-label tio-vm-contact-info hidden"> <p>Please contact us or a <a href="https://www.tenable.com/partner-locator/resellers" class="underline slate-color">Tenable partner.</a></p> <form data-formId="3174" data-confirmation="vm-confirmform-modal" ></form> </div> <div class="textcenter mt mb hidden vm-confirmform-modal"> <h3>Thank You</h3> <p>Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.</p> </div> </div> </div> </div> </div><div class="try-buy-modal try-buy-modal--24 tenableio tenableio-vm mfp-hide js-tab-wrap modal--vulnerability-exposure u-p--md" id="tenableio-4part"> <div class="try-buy-modal__nav"> <a class="js-tab tab-01 js-active try-tab">Try for free</a> <a class="js-tab tab-02 buy-tab">Buy now</a> </div> <div class="try-buy-modal__content try js-tab-content js-active content-01"> <h4>Tenable Vulnerability Management</h4> <p>Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.</p> <p class="io-includes">Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.</p> <div class="try-buy-modal__form try eval-form-box aligncenter nessus-multipart-modal" id="t-eval-tio-vm-b" data-product="vm" data-floating-label="true" data-field-error="true" data-four-steps="true"> </div> </div> <div class="try-buy-modal__content buy js-tab-content content-02"> <h4>Tenable Vulnerability Management</h4> <p>Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. <strong>Purchase your annual subscription today.</strong></p> <div class="try-buy-modal__form buy textcenter tio-vm-buy-now c-form c-form__marketo--try-buy-modal try-buy-hide-labels"> <div class="textcenter try-buy-modal__slider"> <button class="btn btn-link tio-vm-minus-one minus-one invisible">-</button> <span class="tio-vm-assets-value assets-value">100</span> assets <button class="btn btn-link tio-vm-plus-one plus-one">+</button> </div> <input type="range" class="tio-vm-assets" min="100" max="251" value="100"> <div class="indicators"></div> <p class="textcenter">Choose your subscription option:</p> <form class="tio-vm-pricing mt"> <div class="l-grid l-grid-cols--3"> <div> <input class="tio-option" id="tio-one-year" type="radio" name="tio-price" value="tenableio"> <label for="tio-one-year"> 1 Year<br><strong class="tio-vm-price">$3,500</strong> </label> </div> <div> <input class="tio-option" id="tio-two-years" type="radio" name="tio-price" value="tiotwoyear" checked=""> <label for="tio-two-years"> 2 Years<br><strong class="tio-vm-price-two-years">$6,825</strong> </label> </div> <div> <input class="tio-option" id="tio-three-years" type="radio" name="tio-price" value="tiothreeyear"> <label for="tio-three-years"> 3 Years<br><strong class="tio-vm-price-three-years">$9,975</strong> </label> </div> </div> <a class="btn btn-2017 btn-2017--orange btn-2017--large tio-vm-buy-btn mt mb2" target="_blank" rel="noreferrer noopener" data-promotion="webmodal-io" data-source="Modal" href="https://store.tenable.com/1479/purl-tiotwoyear?quantity=100&x-promotion=webmodal-io&x-Source=Modal">Buy Now</a> </form> <div class="c-form c-form--hanging-label c-form__marketo--try-buy-modal js-form-hanging-label tio-vm-contact-info hidden c-form__marketo--two-columns"> <p>Please contact us or a <a href="https://www.tenable.com/partner-locator/resellers" class="underline slate-color">Tenable partner.</a></p> <form data-formId="3174" data-confirmation="vm-confirmform-modal"></form> </div> <div class="textcenter mt mb hidden vm-confirmform-modal"> <h3>Thank you</h3> <p>Thank you for your interest in Tenable.io. A representative will be in touch soon.</p> </div> </div> </div> </div><div class="try-buy-modal try-buy-modal--24 tenableio tenableio-vm mfp-hide js-tab-wrap modal--vulnerability-exposure u-p--md" id="tenableio-2part"> <div class="try-buy-modal__nav"> <a class="js-tab tab-01 js-active try-tab">Try for free</a> <a class="js-tab tab-02 buy-tab">Buy now</a> </div> <div class="try-buy-modal__content try js-tab-content js-active content-01"> <h4 class="mb0">Tenable Vulnerability Management</h4> <p>Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.</p> <p class="io-includes">Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.</p> <div class="try-buy-modal__form try eval-form-box aligncenter nessus-multipart-modal" id="t-eval-tio-vm-a" data-product="vm" data-two-steps="true" data-field-error="true" data-floating-label="true"> </div> </div> <div class="try-buy-modal__content buy js-tab-content content-02"> <h4>Tenable Vulnerability Management</h4> <p>Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. <strong>Purchase your annual subscription today.</strong></p> <div class="try-buy-modal__form buy textcenter tio-vm-buy-now white pad-t-1"> <div class="textcenter try-buy-modal__slider"> <button class="c-button--transparent tio-vm-minus-one minus-one invisible">-</button> <span class="tio-vm-assets-value assets-value">100</span> assets <button class="c-button--transparent tio-vm-plus-one plus-one">+</button> </div> <input type="range" class="tio-vm-assets" min="100" max="251" value="100"> <div class="indicators"></div> <p class="textcenter">Choose your subscription option:</p> <form class="tio-vm-pricing mt"> <div class="l-grid l-grid-cols--3 l-grid--center-y"> <div> <input class="tio-option" id="tio-one-year" type="radio" name="tio-price" value="tenableio"> <label for="tio-one-year"> 1 Year<br><strong class="tio-vm-price">$3,500</strong> </label> </div> <div> <input class="tio-option" id="tio-two-years" type="radio" name="tio-price" value="tiotwoyear" checked=""> <label for="tio-two-years"> 2 Years<br><strong class="tio-vm-price-two-years">$6,825</strong> </label> </div> <div> <input class="tio-option" id="tio-three-years" type="radio" name="tio-price" value="tiothreeyear"> <label for="tio-three-years"> 3 Years<br><strong class="tio-vm-price-three-years">$9,975</strong> </label> </div> </div> <a class="btn btn-2017 btn-2017--orange btn-2017--large tio-vm-buy-btn mt mb2" target="_blank" rel="noreferrer noopener" data-promotion="webmodal-io" data-source="Modal" href="https://store.tenable.com/1479/purl-tiotwoyear?quantity=100&x-promotion=webmodal-io&x-Source=Modal">Buy Now</a> </form> <div class="c-form c-form--hanging-label c-form__marketo--try-buy-modal js-form-hanging-label tio-vm-contact-info hidden c-form__marketo--two-columns"> <p>Please contact us or a <a href="https://www.tenable.com/partner-locator/resellers" class="underline slate-color">Tenable partner.</a></p> <form data-formId="3174" data-confirmation="vm-confirmform-modal"></form> </div> <div class="textcenter mt mb hidden vm-confirmform-modal"> <h3>Thank you</h3> <p>Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.</p> </div> </div> </div> </div><div class="try-buy-modal try-buy-modal--24 tenableio tenableio-was mfp-hide js-tab-wrap modal--vulnerability-exposure u-p--md" id="tenableio-was"> <div class="try-buy-modal__nav"> <a class="js-tab tab-01 js-active try-tab">Try for free</a> <a class="js-tab tab-02 buy-tab">Buy now</a> </div> <div class="try-buy-modal__content try js-tab-content js-active content-01"> <h4>Try Tenable Web App Scanning</h4> <p>Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. <strong>Sign up now.</strong></p> <p class="io-includes">Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.</p> <div class="try-buy-modal__form try eval-form-box aligncenter nessus-multipart-modal" id="t-eval-tio-was" data-product="was" data-floating-label="true" data-field-error="true" data-four-steps="true"> </div> </div> <div class="try-buy-modal__content buy js-tab-content content-02"> <h4>Buy Tenable Web App Scanning</h4> <p>Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. <strong>Purchase your annual subscription today.</strong></p> <div class="try-buy-modal__form buy textcenter tio-was-buy-now"> <div class="mb textcenter"> <button class="btn btn-link tio-was-minus-one minus-one invisible">-</button> <span class="tio-was-assets-value assets-value">5</span><span title="Fully Qualified Domain Names"> FQDNs</span> <button class="btn btn-link tio-was-plus-one plus-one">+</button> </div> <input type="range" class="tio-was-assets" min="5" max="16" value="5"> <div class="tio-was-indicators indicators mb2"></div> <div class="tio-was-pricing"> <p><strong class="tio-was-price">$3,578</strong></p> <p><a class="btn btn-orange tio-was-buy-btn" data-promotion="webmodal-was" data-source="Modal" href="https://store.tenable.com/1479/?scope=checkout&cart=202710?x-promotion=webmodal-was&x-Source=Modal" target="_blank" rel="noopener noreferrer">Buy Now</a></p> </div> <div class="c-form c-form--hanging-label c-form__marketo--try-buy-modal js-form-hanging-label tio-was-contact-info hidden c-form__marketo--two-columns"> <p class="kilo">Please contact us or a <a href="https://www.tenable.com/partner-locator/resellers">Tenable partner.</a></p> <form data-formId="3258" data-confirmation="was-confirmform-modal" data-formInstance="was"></form> <div class="textcenter mt mb was-confirmform-modal hidden"> <h3>Thank you</h3> <p>Thank you for your interest in Tenable Web App Scanning. A representative will be in touch soon.</p> </div> </div> </div> </div> </div><div class="try-buy-modal try-buy-modal--24 tenableio tenableio-vm mfp-hide js-tab-wrap modal--vulnerability-exposure u-p--md" id="lumin-eval"> <div class="try-buy-modal__nav"> <a class="js-tab tab-01 js-active try-tab">Try for free</a> <a class="js-tab tab-02 buy-tab">Contact sales</a> </div> <div class="try-buy-modal__content try js-tab-content js-active content-01"> <h4>Try Tenable Lumin</h4> <p>Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.</p> <p class="io-includes">Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.</p> <div class="try-buy-modal__form try eval-form-box aligncenter nessus-multipart-modal" id="t-eval-t-lumin" data-product="lumin" data-floating-label="true" data-field-error="true" data-four-steps="true"> </div> </div> <div class="try-buy-modal__content buy js-tab-content content-02"> <h4 class="mb">Buy Tenable Lumin</h4> <p>Contact a sales representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.</p> <div class="try-buy-modal__form buy eval-form-container" id="buy-lumin"> <div class="c-form try-buy-hanging-label c-form__marketo--try-buy-modal c-form__marketo--two-columns"> <form data-formId="3828" data-confirmation="lumin-confirmform-modal" class="mktoForm marketo-2017"></form> <div class="textcenter mt mb hidden lumin-confirmform-modal"> <h3>Thank you</h3> <p>Thank you for your interest in Tenable Lumin. A representative will be in touch soon.</p> </div> </div> </div> </div> </div> <div class="try-buy-modal tenableio tenableio-vm modal-demo mfp-hide js-tab-wrap modal--vulnerability-exposure" id="tenable-sc-eval"> <div class="try-buy-modal__nav"> </div> <div class="try-buy-modal__content try js-tab-content js-active content-01"> <div class="try-buy-modal__content-l u-text-reverse u-bg--brand u-p--md"> <h3 class="u-text-reverse">Request a demo of Tenable Security Center</h3> <p class="mt">Please fill out this form with your contact information.<br><br>A sales representative will contact you shortly to schedule a demo.</p> <p><em>* Field is required</em></p> </div> <div class="try-buy-modal__form u-p--md buy"> <div class="c-form try-buy-hanging-label c-form__marketo--try-buy-modal"> <form data-formId="3504" class="mktoForm marketo-2017" data-followup="/products/tenable-sc/evaluate/thank-you"></form> </div> </div> </div> </div> <div class="try-buy-modal tenableio tenableio-vm modal-demo mfp-hide js-tab-wrap modal--operational-technology" id="ot-eval"> <div class="try-buy-modal__nav"> </div> <div class="try-buy-modal__content try js-tab-content js-active content-01"> <div class="try-buy-modal__content-l u-text-reverse u-bg--brand u-p--md"> <h3 class="u-text-reverse">Request a demo of Tenable OT Security</h3> <p>Get the Operational Technology security you need.<br><br>Reduce the risk you don’t.</p> </div> <div class="try-buy-modal__form u-p--md buy"> <div class="c-form try-buy-hanging-label c-form__marketo--try-buy-modal"> <form data-formId="3879" class="mktoForm marketo-2017" data-followup="https://www.tenable.com/products/tenable-ot/evaluate/thank-you"></form> </div> </div> </div> </div> <div class="try-buy-modal tenableio tenableio-vm modal-demo mfp-hide js-tab-wrap modal--identity-exposure" id="ad-eval"> <div class="try-buy-modal__nav"> </div> <div class="try-buy-modal__content try js-tab-content js-active content-01"> <div class="try-buy-modal__content-l u-text-reverse u-bg--brand u-p--md"> <h3 class="u-text-reverse">Request a demo of Tenable Identity Exposure</h3> <p>Continuously detect and respond to Active Directory attacks. No agents. No privileges.<br><br>On-prem and in the cloud.</p> </div> <div class="try-buy-modal__form u-p--md buy"> <div class="c-form try-buy-hanging-label c-form__marketo--try-buy-modal"> <form data-formId="4178" class="mktoForm marketo-2017" data-followup="https://www.tenable.com/products/tenable-ad/evaluate/thank-you"></form> </div> </div> </div> </div> <div class="try-buy-modal tenableio tenableio-vm modal-demo mfp-hide js-tab-wrap modal--cloud-exposure" id="tenable-cs"> <div class="try-buy-modal__nav"> </div> <div class="try-buy-modal__content try js-tab-content js-active content-01"> <div class="try-buy-modal__content-l u-text-reverse u-bg--brand u-p--md"> <h3 class="u-text-reverse">Request a demo of Tenable Cloud Security</h3> <hr class="hr--on-dark u-my--xs "> <p class="u-mb--0"><strong>Exceptional unified cloud security awaits you!</strong></p> <hr class="hr--on-dark u-my--xs "> <p class="mt">We’ll show you exactly how Tenable Cloud Security helps you deliver multi-cloud asset discovery, prioritized risk assessments and automated compliance/audit reports.</p> </div> <div class="try-buy-modal__form u-p--md buy"> <div class="c-form try-buy-hanging-label c-form__marketo--try-buy-modal"> <form data-formId="10155" data-followup="https://www.tenable.com/cloud-security/evaluate/thank-you"></form> </div> </div> </div> </div> <div class="try-buy-modal tenableio tenableio-vm modal-demo mfp-hide js-tab-wrap modal--tenable-one" id="one-eval"> <div class="try-buy-modal__nav"> </div> <div class="try-buy-modal__content try js-tab-content js-active content-01"> <div class="try-buy-modal__content-l u-text-reverse u-bg--brand u-p--md"> <h3 class="u-text-reverse">See <br>Tenable One<br> in action</h3> <p>Exposure management for the modern attack surface.</p> </div> <div class="try-buy-modal__form u-p--md buy"> <div class="c-form try-buy-hanging-label c-form__marketo--try-buy-modal"> <form data-formId="7469" data-followup="https://www.tenable.com/products/tenable-one/evaluate/thank-you"></form> </div> </div> </div> </div> <div class="try-buy-modal tenableio tenableio-vm modal-demo mfp-hide js-tab-wrap modal--vulnerability-exposure" id="asm-eval"> <div class="try-buy-modal__nav"> </div> <div class="try-buy-modal__content try js-tab-content js-active content-01"> <div class="try-buy-modal__content-l u-text-reverse u-bg--brand u-p--md"> <h3 class="u-text-reverse">See Tenable Attack Surface Management in action</h3> <p>Know the exposure of every asset on any platform.</p> </div> <div class="try-buy-modal__form u-p--md buy"> <div class="c-form try-buy-hanging-label c-form__marketo--try-buy-modal"> <form data-formId="6937" data-followup="https://www.tenable.com/products/attack-surface-management/evaluate/thank-you"></form> </div> </div> </div> </div> <div class="try-buy-modal tenableio tenableio-vm modal-demo mfp-hide js-tab-wrap modal--vulnerability-exposure" id="enclave"> <div class="try-buy-modal__nav"> </div> <div class="try-buy-modal__content try js-tab-content js-active content-01"> <div class="try-buy-modal__content-l u-text-reverse u-bg--brand u-p--md"> <h3 class="u-text-reverse">Get a demo of Tenable Enclave Security</h3> <p>Please fill out the form with your contact information and a sales representative will contact you shortly to schedule a demo.</p> </div> <div class="try-buy-modal__form u-p--md buy"> <div class="c-form try-buy-hanging-label c-form__marketo--try-buy-modal"> <form data-formId="12543" data-confirmation="enclave-confirmform-modal"></form> <div class="textcenter mt mb hidden enclave-confirmform-modal"> <h3>Thank You</h3> <p>Thank you for your interest in Tenable Enclave Security. A representative will be in touch soon.</p> </div> </div> </div> </div> </div> <div class="try-buy-modal try-buy-modal--24 nessus nessus-pro mfp-hide js-tab-wrap modal--vulnerability-exposure u-p--md" id="nessus"> <div class="try-buy-modal__nav" id="price-info-tab"> <a class="js-tab tab-01 try-tab js-active">Try for free</a> <a class="js-tab tab-02 buy-tab">Buy now</a> </div> <div class="try-buy-modal__content js-tab-content try js-active content-01"> <h4>Try Tenable Nessus Professional free</h4> <span class="tagline">Free for 7 days</span> <p>Tenable Nessus is the most comprehensive vulnerability scanner on the market today.</p> <div class="nessus-expert-callout"> <h4 class="uppercase nomt nomb textcenter">NEW - Tenable Nessus Expert <br>now available</h4> <p class="pad-t-1 u-pb--sm">Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. <strong><a href="/products/nessus/nessus-expert/evaluate?utm_source=tenable-com&utm_medium=modal&utm_campaign=try-nessus-pro-upsell">Click here to Try Nessus Expert.</a></strong></p> </div> <p class="mt">Fill out the form below to continue with a Nessus Pro trial.</p> <div class="try-buy-modal__form try eval-form-box nessus-multipart-modal"> <tenable-evaluation class="tenable-evaluation-modal-form" type="nessus" env="production" hide-headings="true" floating-labels="true" flex-buttons="true"></tenable-evaluation> </div> </div> <div class="try-buy-modal__content js-tab-content buy content-02" id="buy-nessus-pro"> <div class="c-nessus-form c-nessus-form--pro c-nessus-form--id-modifier-"> <div class="c-nessus-form__buy"> <h4>Buy Tenable Nessus Professional</h4> <p>Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.</p> <p>Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.</p>  <form class="c-nessus-form__form nessus-bundle-buy-now"> <strong>Select your license</strong> <p>Buy a multi-year license and save.</p> <label for="nessus-bundle-one-year"> <input class="nessus-bundle-option" id="nessus-bundle-one-year" type="radio" name="nessus-bundle-price" value="webNessusOneYearOptin" checked=""> 1 Year - <span class="nessus-bundle-price-one-year">$3,990</span><span class="nessus-bundle-price-one-year-vat hidden">*</span> </label> <label for="nessus-bundle-two-years"> <input class="nessus-bundle-option" id="nessus-bundle-two-years" type="radio" name="nessus-bundle-price" value="webNessusTwoYearOptin"> 2 Years - <span class="nessus-bundle-price-two-years">$7,780.50</span><span class="nessus-bundle-price-two-years-vat hidden">*</span><span class="nessus-bundle-price-two-years-discount hidden">Save</span> </label> <label for="nessus-bundle-three-years"> <input class="nessus-bundle-option" id="nessus-bundle-three-years" type="radio" name="nessus-bundle-price" value="webNessusThreeYearOptin"> 3 Years - <span class="nessus-bundle-price-three-years">$11,371.50</span><span class="nessus-bundle-price-three-years-vat hidden">*</span><span class="nessus-bundle-price-three-years-discount small hidden">Save</span> </label> <div class="u-mt--xs u-mb--xxs"><strong>Add support and training</strong></div> <label for="nessus-bundle-advanced-support"> <input class="nessus-pro-option" id="nessus-bundle-advanced-support" type="checkbox" name="nessus-bundle-support" value="Alwaysin" checked> <strong>Advanced Support - <span class="adv-sup-price adv-sup-price-one-year">$400</span></strong> <p class="u-text--sm"> 24x365 Access to phone, email, community, and chat support. <a href="/products/nessus/nessus-professional/advanced-support" >More info</a>.</p> </label> <label for="nessus-bundle-training"> <input class="nessus-pro-option" id="nessus-bundle-training" type="checkbox" name="nessus-bundle-training" value="training"> <strong>On-Demand Training - <span class="course-price-nessus-fundamentals">$275</span></strong> <p class="u-text--sm"> 1 Year Access to the Nessus Fundamentals On-Demand Video Course for 1 person. <a href="/education/courses/nessus-fundamentals?utm_source=tenable-com&utm_medium=pro-modal-buy&utm_campaign=more-info">More info</a>.</p> </label> <a class="c-button nessus-expert-button u-mt--md nessus-bundle-button" target="_blank" data-promotion="webmodal-nessus" data-source="Modal" href="https://store.tenable.com/1479/purl-webNessusOneYearBundle_Support?x-promotion=webmodal-nessus&x-Source=Modal">Buy Now</a> <div class="form-bottom-links u-mt--md u-space-x--sm"> <a href="https://community.tenable.com/s/products" target="_blank" class="c-cta"> <span>Renew an existing license</span> <svg height="10" viewBox="0 0 9.2625 15" width="6.18" xmlns="http://www.w3.org/2000/svg"><path d="m10.7375 20.725 5.725-5.725-5.725-5.7375 1.7625-1.7625 7.5 7.5-7.5 7.5z" transform="translate(-10.7375 -7.5)"></path></svg> </a> <a href="/partner-locator/resellers" class="c-cta"> <span>Find a reseller</span> <svg height="10" viewBox="0 0 9.2625 15" width="6.18" xmlns="http://www.w3.org/2000/svg"><path d="m10.7375 20.725 5.725-5.725-5.725-5.7375 1.7625-1.7625 7.5 7.5-7.5 7.5z" transform="translate(-10.7375 -7.5)"></path></svg> </a> </div> <p class="nessus-pro-buy-vat hidden">*VAT incl.</p> </form> </div> </div>  </div> </div><div class="try-buy-modal try-buy-modal--24 nessus nessus-expert mfp-hide js-tab-wrap modal--vulnerability-exposure u-p--md" id="expert"> <div class="try-buy-modal__nav" id="price-info-tab"> <a class="js-tab tab-01 try-tab js-active">Try for free</a> <a class="js-tab tab-02 buy-tab">Buy now</a> </div> <div class="try-buy-modal__content js-tab-content try js-active content-01"> <h4>Try Tenable Nessus Expert free</h4> <span class="tagline">Free for 7 days.</span> <p>Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.</p> <p><strong>Already have Tenable Nessus Professional?</strong> <a href="/products/nessus/nessus-expert/evaluate/upgrade"><br>Upgrade to Nessus Expert free for 7 days.</a></p> <div class="try-buy-modal__form try eval-form-box nessus-multipart-modal"> <tenable-evaluation class="tenable-evaluation-modal-form" type="expert" env="production" hide-headings="true" floating-labels="true" flex-buttons="true"></tenable-evaluation> </div> </div> <div class="try-buy-modal__content js-tab-content buy content-02" id="buy-nessus-expert"> <div class="c-nessus-form c-nessus-form--pro c-nessus-form--id-modifier-"> <div class="c-nessus-form__buy"> <h4>Buy Tenable Nessus Expert</h4> <p>Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.</p>  <form class="c-nessus-form__form nessus-expert-buy-now"> <strong>Select your license</strong> <p><em>Buy a multi-year license and save more.</em></p> <label for="nessus-expert-one-year"> <input class="nessus-expert-option" id="nessus-expert-one-year" type="radio" name="nessus-expert-price" value="webExpertOneYearOptin" checked=""> <strong>1 Year</strong> - <span class="nessus-expert-price-one-year">$5,990</span><span class="nessus-expert-price-one-year-vat hidden">*</span><span class="nessus-expert-price-one-year-discount hidden">Save</span> </label> <label for="nessus-expert-two-years"> <input class="nessus-expert-option" id="nessus-expert-two-years" type="radio" name="nessus-expert-price" value="webExpertTwoYearOptin"> <strong>2 Years</strong> - <span class="nessus-expert-price-two-years">$11,680.50</span><span class="nessus-expert-price-two-years-vat hidden">*</span><span class="nessus-expert-price-two-years-discount hidden">Save</span> </label> <label for="nessus-expert-three-years" class="no-border"> <input class="nessus-expert-option" id="nessus-expert-three-years" type="radio" name="nessus-expert-price" value="webExpertThreeYearOptin"> <strong>3 Years</strong> - <span class="nessus-expert-price-three-years">$17,071.50</span><span class="nessus-expert-price-three-years-vat hidden">*</span><span class="nessus-expert-price-three-years-discount small hidden">Save</span> </label> <div class="u-mt--sm nessus-expert-options"> <strong>Add support and training</strong> <label for="nessus-expert-advanced-support" class="u-mt--xxxs"> <input class="nessus-expert-option" id="nessus-expert-advanced-support" type="checkbox" name="nessus-expert-support" value="Alwaysin" checked> <strong>Advanced Support - <span class="nessus-expert-adv-sup-price nessus-expert-adv-sup-price-one-year">$400</span></strong><br> 24x365 Access to phone, email, community, and chat support. <a href="/products/nessus/advanced-support">More info</a>. </label> <label for="nessus-expert-training"> <input class="nessus-expert-option" id="nessus-expert-training" type="checkbox" name="nessus-expert-training" value="training"> <strong>Nessus Fundamentals - <span class="nessus-expert-course-price-nessus-fundamentals">$275</span></strong><br> 1 Year Access to the Nessus Fundamentals On-Demand Video Course for 1 person. <a href="/education/courses/nessus-fundamentals?utm_source=tenable-com&utm_medium=expert-modal-buy&utm_campaign=more-info">More info.</a></span> </label> <label for="nessus-expert-bundle-training" class="no-border"> <input class="nessus-expert-option" id="nessus-expert-bundle-training" type="checkbox" name="nessus-expert-bundle-training" value="training"> <strong>Nessus Fundamentals + Nessus Advanced - <span class="nessus-expert-course-price-nessus-fundamentals-plus-advanced">$385</span></strong><br> 1 Year Access to the Nessus Fundamentals and Nessus Advanced On-Demand Video Courses for 1 person. <a href="/education/courses/nessus-advanced?utm_source=tenable-com&utm_medium=pro-buypage-embed&utm_campaign=more-info">More info.</a></span> </label> </div> <a class="c-button nessus-expert-button u-mt--xs" data-promotion="webmodal-expert" data-source="Modal" target="_blank" href="https://store.tenable.com/1479/purl-webExpertOneYearOptin?x-promotion=webmodal-expert&x-Source=Modal">Buy Now</a> <div class="form-bottom-links u-mt--md u-space-x--sm"> <a href="https://community.tenable.com/s/products" target="_blank" class="c-cta"> <span>Renew an existing license</span> <svg height="10" viewBox="0 0 9.2625 15" width="6.18" xmlns="http://www.w3.org/2000/svg"><path d="m10.7375 20.725 5.725-5.725-5.725-5.7375 1.7625-1.7625 7.5 7.5-7.5 7.5z" transform="translate(-10.7375 -7.5)"></path></svg> </a> <a href="/partner-locator/resellers" class="c-cta"> <span>Find a reseller</span> <svg height="10" viewBox="0 0 9.2625 15" width="6.18" xmlns="http://www.w3.org/2000/svg"><path d="m10.7375 20.725 5.725-5.725-5.725-5.7375 1.7625-1.7625 7.5 7.5-7.5 7.5z" transform="translate(-10.7375 -7.5)"></path></svg> </a> </div> </form> </div> </div>  </div> </div><div class="try-buy-modal tenableio tenableio-vm modal-demo mfp-hide js-tab-wrap marketo-2017" id="slgcs-grant"> <div class="try-buy-modal__nav"> </div> <div class="try-buy-modal__content try js-tab-content js-active content-01"> <div class="try-buy-modal__content-l u-text-reverse u-bg--brand u-p--md"> <h4 class="u-text-reverse mb">Learn How Tenable Helps Achieve SLCGP Cybersecurity Plan Requirements</h4> <p>Tenable solutions help fulfill all SLCGP requirements. Connect with a Tenable representative to learn more.</p> </div> <div class="try-buy-modal__form buy u-p--md"> <div class="tenableresearch-form-box" style="margin-top:0;"> <script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script><script src="https://info.tenable.com/js/forms2/js/forms2.js"></script> <form id="mktoForm_10616"></form> <script>MktoForms2.loadForm("//info.tenable.com", "934-XQB-568", 10616);</script> <script> MktoForms2.whenReady(function(form) { //Add an onSuccess handler form.onSuccess(function(values, followUpUrl) { //get the form's jQuery element and hide it form.getFormElem().hide(); document.getElementById('slg-confirmform').style.display = 'block'; //return false to prevent the submission handler from taking the lead to the follow up url. return false; }); }); </script> <div id="slg-confirmform" class="hidden"> <p class="textcenter"><strong>Thank you.</strong></p> <p>You should receive a confirmation email shortly and one of our Sales Development Representatives will be in touch. Route any questions to <a href="/cdn-cgi/l/email-protection#22716e6165726256474c43404e470c414d4f" target="_blank" rel="noopener noreferrer"><span class="__cf_email__" data-cfemail="70233c3337203004151e11121c155e131f1d">[email protected]</span></a>.</p> </div> </div> </div> </div> </div>  </div> <script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script><script src="/sites/default/files/js/js_xexH3e45AWvNkE6heIIJzqZWKlyULyvVrTVN7UDnCok.js?scope=footer&delta=0&language=en&theme=tenable&include=eJwrSc1LTMpJ1U_PyU9KzNHNKgYAO8MGhg"></script> <script src="https://info.tenable.com/js/forms2/js/forms2.js"></script> <script src="https://munchkin.marketo.net/munchkin.js"></script> <script src="https://www.tenable.com/lp/cookie.js"></script> <script src="/evaluations/api/v1/tenable-evals.js"></script> <script src="/evaluations/api/v1/tenable/evaluations/index.js"></script> <script src="/themes/custom/tenable/js/buy.js"></script> <script type="text/javascript"> console.log(' ____ _ _ _\r\n \/ \\ | |_ ___ _ __ __ _| |__ | | ___\r\n\/ \/\\ \\ | __\/ _ \\ \'_ \\ \/ _` | \'_ \\| |\/ _ \\\r\n\\ \\\/ \/ | || __\/ | | | (_| | |_) | | __\/\r\n \\ ____ \/ \\__\\___|_| |_|\\__,_|_.__\/|_|\\___|\r\n\r\nIf you\'re looking at this, we want to hire you.\r\nhttps:\/\/www.tenable.com\/careers'); </script> </body> </html>

CINXE.COM

[R2] Pivotal Spring Framework HttpInvokerServiceExporter readRemoteInvocation Method Untrusted Java Deserialization - Research Advisory | Tenable®