Software Vulnerability Manager
Release Notes
December 2017
Introduction
Software Vulnerability Manager reimagines how software is secured by closing the gap between IT Security and IT Operations by providing industry leading security research, risk assessment and remediation through Software Vulnerability Manager’s key components:
| • | Research: Keep up with the latest software vulnerability research and advisories from Secunia Research |
| • | Patching: Remediate software vulnerabilities in third-party applications |
| • | Assessment: Discover where software vulnerabilities are installed across your organization |
New Features and Enhancements
The following table lists new features and enhancements for Software Vulnerability Manager. The Affected Module(s) column refers to the specific Software Vulnerability Manager module(s) affected by the new feature or enhancement.
|
Affected Module(s) |
Feature or Enhancement Description |
Reference Number |
|
Assessment, Settings |
Software Vulnerability Manager now scans the Red Hat Enterprise Linux (RHEL) platform. Go to Software Vulnerability Manager’s Settings > Assessments > Downloads to download the Vulnerable Software Discovery Tool for Red Hat Linux 6 RPM and Vulnerable Software Discovery Tool for Red Hat Linux 7 RPM. For the online help reference, see: http://helpnet.flexerasoftware.com/svm/Default.htm#helplibrary/Scanning_Red_Hat_Enterprise_Linux__RHEL_.htm |
SVM-1 |
|
Assessment |
Under Assessment > Products > Product Details added a label titled Entry Created to record when a Product is added to Software Vulnerability Manager. |
SVM-85 |
|
Assessment |
Under Assessment > Devices > Device List the column order has been changed to: Device Name Platform OS Version System Score Secure Products Insecure Products EOL Versions Discontinued Products Last Scanned Inventory Source Under Assessment > Devices > Device List the filter order has been changed to: Device Name Platform OS Version Has EOL Versions Has Discontinued Products Days since last Scan |
SVM-192 |
|
Assessment |
Assessment Reports have the new Flexera logo. |
SVM-198 |
|
All |
Email notifications have the Software Vulnerability Manager product logo. |
SVM-200 |
|
All |
In legal and copyright information, “Flexera Software” and “Flexera Software LLC” has been changed to “Flexera”. |
SVM-264 |
|
Vulnerability Manager, Settings |
When a user is removed from a user group’s Watch List, there is now a settings options asking if all enforced Watch List subscriptions should be removed from the remaining user group members. |
SVM-301 |
Resolved Issues
The following table lists resolved issues for Software Vulnerability Manager. The Affected Module(s) column refers to the specific Software Vulnerability Manager module(s) affected by the resolved issue.
|
Affected Module(s) |
Issue Summary |
Reference Number |
|||||||||||||||||||||
|
Analytics |
In Analytics > Devices the pie graphs now have on-click filters. In Analytics > Products the pie graphs can now be filtered. |
SVM-14 |
|||||||||||||||||||||
|
Settings |
The following API filters are now working:
|
SVM-18 |
|||||||||||||||||||||
|
Research |
Product data inconsistency has been resolved between Software Vulnerability Manager and databases SVM Research/VIM4/VT to identify orphaned products. |
SVM-81 |
|||||||||||||||||||||
|
Vulnerability Manager |
Export Product Versions for “all products” now generates a .csv file. |
SVM-213 |
|||||||||||||||||||||
|
Assessment |
Performance issues for more than 30,000 hosts was addressed to ensure accurate counts when filtering, sorting, and exporting advisory and product details. |
SVM-238 |
|||||||||||||||||||||
|
Assessment |
Under Assessment > Advisories, the Reset button now clears the page’s filters and the Assessment > Advisories page refreshes after the user navigates to other modules within Software Vulnerability Manager. |
SVM-251 |
|||||||||||||||||||||
|
Research |
Sorting is now working in ascending order for Type under Research > Product Database > Product Versions. The Type filter includes the options Software and Operating System. When sorting in ascending order, Operating System appears before Software. |
SVM-254 |
|||||||||||||||||||||
|
Analytics |
The number of levels of Organizational Unit (OU) restrictions have been removed for navigating Assessment Reports. |
SVM-257 |
|||||||||||||||||||||
|
Patching |
The Package filter option under Patching > Deployment now resets properly after clicking Reset. |
SVM-289 |
|||||||||||||||||||||
|
Settings |
Under Settings > API > XML Feeds the URLs have been corrected under the XML column. |
SVM-303 |
|||||||||||||||||||||
|
Dashboard |
Devices from deleted accounts are no longer processing data, which create more accurate device counts. |
SVM-306 |
|||||||||||||||||||||
|
Patching |
Improved detection logic on 64 bit machines so that publishing 32 bit and 64 bit packages to a 64 bit machine no longer leads to extra product being installed. |
SVM-308 |
|||||||||||||||||||||
|
Settings |
“Asset List” references have been replaced with “Watch List” in Watch List email alerts and throughout Settings > Workflow Management > Rules. |
SVM-309 |
|||||||||||||||||||||
|
Patching |
Patches filtered by “Affecting My Environment” now include End-of-Life products. |
SVM-314 |
|||||||||||||||||||||
|
Settings |
Removed a duplicate verification object when deleting user accounts. |
SVM-317 |
|||||||||||||||||||||
|
Analytics |
User account created through a migration from VIM4 has a report with sorting by impact type, which Software Vulnerability Manager does not support. |
SVM-318 |
|||||||||||||||||||||
|
Patching |
7-Zip and Foxit Reader can now be seen in the Patching console. |
SVM-321 |
|||||||||||||||||||||
|
Patching |
Adobe Flash NPAPI v. 17.x is now appearing as a non-assessment patch on Windows Server 2012 and Windows Server 2016. |
SVM-322 |
|||||||||||||||||||||
|
Dashboard |
Links in the Dashboard module for Most critical advisory affecting your security now direct user to the appropriate information under Assessment > Advisories > Advisory Details. |
SVM-326 |
|||||||||||||||||||||
|
Settings |
Removing users from User Groups and saving the necessary changes no longer shuts down Software Vulnerability Manager. |
SVM-331 |
|||||||||||||||||||||
|
Settings |
User role permissions have been restricted so that non-administrators cannot delete Watch List Groups. |
SVM-341 |
|||||||||||||||||||||
|
Assessment |
Reports are now successfully generated in PDF format. |
SVM-346 |
|||||||||||||||||||||
|
Analytics |
Under Analytics > Reports the Add Research Report and Add Assessment Report pages now load. |
SVM-351 |
|||||||||||||||||||||
|
Research |
The BID References link http://www.securityfocus.com/bid/101001 for NVIDIA Multiple Products Multiple Vulnerabilities - CVE-2017-6268 now works. |
SVM-361 |
|||||||||||||||||||||
|
Patching |
Fixed patching deployment for the Firefox browser. |
SVM-370 |
|||||||||||||||||||||
|
Online Help - Introduction |
Renamed the section “Account Basics” as “Getting Started with Software Vulnerability Manager”. For details, see: http://helpnet.flexerasoftware.com/svm/Default.htm#helplibrary/Getting_Started_with_Software_Vulnerability_Manager.htm Added the following subsections:
|
N/A |
|||||||||||||||||||||
|
Online Help - Dashboard |
Clarified that Flexera’s definition of End-of-Life (EOL) software may differ from a software vendor’s. For details, see: http://helpnet.flexerasoftware.com/svm/Default.htm#helplibrary/Dashboard.htm |
N/A |
|||||||||||||||||||||
|
Online Help - Assessment Scenarios |
Updated the section Run Assessment from System Center Configuration Manager (SCCM) to reflect current practice. For details, see: http://helpnet.flexerasoftware.com/svm/Default.htm#helplibrary/Run_Assessment_from_System_Center_Configuration_Manager__SCCM_.htm |
N/A |
|||||||||||||||||||||
|
Online Help - Settings |
Added the section Daemon Log File Size. For details, see: http://helpnet.flexerasoftware.com/svm/Default.htm#helplibrary/Daemon_Log_File_Size.htm |
N/A |
Product Feedback
Have a suggestion for how we can improve this product? Please come share direct feedback with the product team and vote on ideas submitted by other users in our Customer Community feedback page for Software Vulnerability Manager.
System Requirements
The Software Vulnerability Manager User Interface will resize and adapt when being used on different devices. You can access the system from anywhere using any device, such as a smartphone or tablet, running Internet Explorer 11 or higher, Chrome, Opera, Firefox, Safari and mobile browsers with an Internet connection capable of connecting to https://app.flexerasoftware.com.
Legal Information
Copyright Notice
Copyright © 2017 Flexera. All Rights Reserved.
This publication contains proprietary and confidential information and creative works owned by Flexera and its licensors, if any. Any use, copying, publication, distribution, display, modification, or transmission of such publication in whole or in part in any form or by any means without the prior express written permission of Flexera is strictly prohibited. Except where expressly provided by Flexera in writing, possession of this publication shall not be construed to confer any license or rights under any Flexera intellectual property rights, whether by estoppel, implication, or otherwise.
All copies of the technology and related information, if allowed by Flexera, must display this notice of copyright and ownership in full.
Intellectual Property
For a list of trademarks and patents that are owned by Flexera, see https://www.flexera.com/producer/company/about/intellectual-property/. All other brand and product names mentioned in Flexera products, product documentation, and marketing materials are the trademarks and registered trademarks of their respective owners.
Restricted Rights Legend
The Software is commercial computer software. If the user or licensee of the Software is an agency, department, or other entity of the United States Government, the use, duplication, reproduction, release, modification, disclosure, or transfer of the Software, or any related documentation of any kind, including technical data and manuals, is restricted by a license agreement or by the terms of this Agreement in accordance with Federal Acquisition Regulation 12.212 for civilian purposes and Defense Federal Acquisition Regulation Supplement 227.7202 for military purposes. The Software was developed fully at private expense. All other use is prohibited.
Disclaimer
Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. The provision of such information does not represent any commitment on the part of Flexera. Flexera makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Flexera shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.
The software described in this document is furnished by Flexera under a license agreement. The software may be used only in accordance with the terms of that license agreement. It is against the law to copy or use the software, except as specifically allowed in the license agreement. No part of this document may be reproduced or retransmitted in any form or by any means, whether electronically or mechanically, including, but not limited to: photocopying, recording, or information recording and retrieval systems, for any purpose other than the purchaser’s personal use, without the express, prior, written permission of Flexera.