Software Vulnerability Manager

Release Notes

February 2018

Introduction

Software Vulnerability Manager reimagines how software is secured by closing the gap between IT Security and IT Operations. It provides industry-leading security research, risk assessment, and remediation through its key components:

Research: Keep up with the latest software vulnerability research and advisories from Secunia Research
Patching: Remediate software vulnerabilities in third-party applications
Assessment: Discover where software vulnerabilities are installed across your organization

New Features and Enhancements

The following table lists new features and enhancements for Software Vulnerability Manager. The Affected Module(s) column refers to the specific Software Vulnerability Manager module(s) affected by the new feature or enhancement.

Affected Module(s)

Feature or Enhancement Description

Reference Number

Patching, Online Help

Added custom paths to patch profiles under Patching > Profiles. Custom patch profiles may be specified to account for multiple or non-standard installation paths to aid in detection of such applications.

For the online help reference, see:

http://helpnet.flexerasoftware.com/svm/Default.htm#helplibrary/Patch_Profiles.htm

SVM-203

Research, Online Help

If you select Hide rejected advisories under Settings > Account > Account Options:

The Advisory Type filter will not appear under Research > Advisory Database > Advisories.
The search result “No advisories found” appears under Research > Advisory Database > Rejected Advisories.

For the online help reference, see:

http://helpnet.flexerasoftware.com/svm/Default.htm#helplibrary/Advisories.htm

SVM-255

Patching, Online Help

Added Manual (External) Signing of Patches to support manual certificate signing processes.

For the online help reference, see:

http://helpnet.flexerasoftware.com/svm/Default.htm#helplibrary/Manual_Signatures.htm

SVM-269

Settings, Online Help

Under Settings > Workflow Management > Rules, users can create an optional notification process for sending an advisory and ticket information after approval:

When Flexera issues an advisory for one of the watch lists that require approval, an email and SMS are sent to the approver group to approve the advisory.
After the approval managers approve the advisory, an email is sent to all users in the approval group notifying them that the advisory is approved.
The ticket resolver group receives the ticket details and the advisory as an attachment along with the SMS.

For the online help reference, see:

http://helpnet.flexerasoftware.com/svm/Default.htm#helplibrary/Create_a_Workflow_Rule_to_send_an_advisory_and_ticket_information_after_app.htm

SVM-300

Patching

Under Patching > Packages, users can now select multiple Package names and click the Actions button to publish multiple packages.

SVM-425

All modules

To comply with the European Union’s General Data Protection Regulation (GDPR), folder names that contain user information (Example: C:\Documents and Settings\Username) have been concealed using environment variables instead of hard-coded paths (Example: %HOMEPATH%).

SVM-435

Resolved Issues

The following table lists resolved issues for Software Vulnerability Manager. The Affected Module(s) column refers to the specific Software Vulnerability Manager module(s) affected by the resolved issue.

Affected Module(s)

Issue Summary

Reference Number

Analytics

The calculations for Advisories for Impact have been corrected for Report Tests that are generated under Analytics > Reports.

SVM-115

Dashboard

The Advisories released last year graph now resizes correctly to fit within the screen.

SVM-128

Vulnerability Manager

Users who are assigned the Watch List Reader role now have the user permissions to view Shared Watch Lists under Vulnerability Manager > Watch Lists & Advisories > Shared Watch Lists.

SVM-319

Assessment

Recreated an automated process for collecting Red Hat Package Manager (RPM) file information for Red Hat vulnerability data.

SVM-366

Research

Users can now suggest Mac OS software under Research > Products Database > Suggest Software.

SVM-367

Assessment

To provide clarity and to be consistent with the Dashboard graphics’ labeling, the pie charts under Assessment > Overview have been labeled Devices - System Score and Products - Status.

SVM-400

Assessment

When downloading CSV files in the Assessment module, the CSV files now include the following results to match the User Interface (UI):

Operating System column is present in the CSV file.
Inventory Source column is present in the CSV file.
Inventory System column is not present in the CSV, as it is not present on the UI.
The data in the CSV is now in the same order as on the UI.
The column names match with the names on the UI.

SVM-412

Research

Under Research > Advisory Database > Advisories, users can open Secunia Advisories from the SAID column. After opening an advisory, the user can open the link in the Secunia CVSS Scores field and, under Environmental Score Metrics > General Modifier Metric, set the Percentage of vulnerable system (TargetDistribution) to None. The overall CVSS score now appears as zero.

SVM-413

Patching

Users are now able to select Publish selected packages under Patching > Packages > Actions.

SVM-414

Analytics

Research reports generated under Analytics > Reports > Add Research Report create a CSV and a PDF file. The list of advisory data now matches between the CSV and PDF files.

SVM-436

Settings

Under Settings > User Management, the group to which a user belongs can now be updated by another administrator account.

SVM-440

Patching

Adobe Flash Player NPAPI and PPAPI packages were showing up on hosts that do not need the packages because NPAPI and PPAPI file names have version numbers, which are not supported by WSUS. To address this issue, NPAPI and PPAPI are now detected based on their registry version key.

SVM-451

Vulnerability Manager

When using the filter option under Vulnerability Manager > Ticketing, users can enter a SAID number in the SAID field of the filter. The Reset button now clears the SAID field.

SVM-474

Assessment, Analytics

When all the devices in a Device List have a System Score and the user selects the Unknown or Not Calculated filter for a device under Assessment > Devices > Device List, the result is now a null result.

The correlating null result for the Unknown or Not Calculated filter is now also reflected in the Devices by System Score pie chart under Analytics > Devices.

SVM-488
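
Worked example for the SVM-413 item above, added here and not taken from Flexera's code: a small CVSS v2 environmental score calculator showing why TargetDistribution set to None yields an overall score of zero. It assumes the CVSS v2 metric set (where TargetDistribution is defined), leaves temporal metrics and security requirements at Not Defined, and is meant to be run with constructed sample vectors.

```python
# Added example: CVSS v2 environmental scoring (weights and equations from the
# CVSS v2 specification). Temporal metrics and security requirements are
# assumed "Not Defined" (factor 1.0). Vectors used with it are constructed.
CIA = {"N": 0.0, "P": 0.275, "C": 0.660}
WEIGHTS = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},
    "C": CIA, "I": CIA, "A": CIA,
    "CDP": {"N": 0.0, "L": 0.1, "LM": 0.3, "MH": 0.4, "H": 0.5, "ND": 0.0},
    "TD": {"N": 0.0, "L": 0.25, "M": 0.75, "H": 1.0, "ND": 1.0},
}
BASE_METRICS = ("AV", "AC", "Au", "C", "I", "A")


def parse_vector(vector):
    """Turn 'AV:N/AC:L/.../TD:N' into numeric weights; reject unknown metrics."""
    chosen = {"CDP": "ND", "TD": "ND"}  # environmental metrics are optional
    for part in vector.split("/"):
        name, sep, value = part.partition(":")
        if not sep or value not in WEIGHTS.get(name, {}):
            raise ValueError(f"unsupported metric {part!r}")
        chosen[name] = value
    missing = [name for name in BASE_METRICS if name not in chosen]
    if missing:
        raise ValueError(f"missing base metrics: {missing}")
    return {name: WEIGHTS[name][value] for name, value in chosen.items()}


def _impact(m):
    return 10.41 * (1 - (1 - m["C"]) * (1 - m["I"]) * (1 - m["A"]))


def _score(impact, m):
    exploitability = 20 * m["AV"] * m["AC"] * m["Au"]
    f_impact = 0.0 if impact == 0 else 1.176
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact, 1)


def base_score(vector):
    m = parse_vector(vector)
    return _score(_impact(m), m)


def environmental_score(vector):
    m = parse_vector(vector)
    adjusted = _score(min(10.0, _impact(m)), m)  # AdjustedTemporal, requirements ND
    # TargetDistribution multiplies the whole term, so TD:N (None) forces 0.0.
    return round((adjusted + (10 - adjusted) * m["CDP"]) * m["TD"], 1)
```

Because TargetDistribution is the outer multiplier, a high CollateralDamagePotential cannot lift the score above zero once TD is None.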

 

System Requirements

The Software Vulnerability Manager User Interface will resize and adapt when being used on different devices. You can access the system from anywhere using any device, such as a smartphone or tablet, running Internet Explorer 11 or higher, Chrome, Opera, Firefox, Safari and mobile browsers with an Internet connection capable of connecting to https://app.flexerasoftware.com.

Legal Information

Copyright Notice

Copyright © 2018 Flexera.

This publication contains proprietary and confidential information and creative works owned by Flexera and its licensors, if any. Any use, copying, publication, distribution, display, modification, or transmission of such publication in whole or in part in any form or by any means without the prior express written permission of Flexera is strictly prohibited. Except where expressly provided by Flexera in writing, possession of this publication shall not be construed to confer any license or rights under any Flexera intellectual property rights, whether by estoppel, implication, or otherwise.

All copies of the technology and related information, if allowed by Flexera, must display this notice of copyright and ownership in full.

Intellectual Property

For a list of trademarks and patents that are owned by Flexera, see https://www.flexera.com/producer/company/about/intellectual-property/. All other brand and product names mentioned in Flexera products, product documentation, and marketing materials are the trademarks and registered trademarks of their respective owners.

Restricted Rights Legend

The Software is commercial computer software. If the user or licensee of the Software is an agency, department, or other entity of the United States Government, the use, duplication, reproduction, release, modification, disclosure, or transfer of the Software, or any related documentation of any kind, including technical data and manuals, is restricted by a license agreement or by the terms of this Agreement in accordance with Federal Acquisition Regulation 12.212 for civilian purposes and Defense Federal Acquisition Regulation Supplement 227.7202 for military purposes. The Software was developed fully at private expense. All other use is prohibited.

Disclaimer

Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. The provision of such information does not represent any commitment on the part of Flexera. Flexera makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Flexera shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.

The software described in this document is furnished by Flexera under a license agreement. The software may be used only in accordance with the terms of that license agreement. It is against the law to copy or use the software, except as specifically allowed in the license agreement. No part of this document may be reproduced or retransmitted in any form or by any means, whether electronically or mechanically, including, but not limited to: photocopying, recording, or information recording and retrieval systems, for any purpose other than the purchaser’s personal use, without the express, prior, written permission of Flexera.