Software Vulnerability Manager 2018 R2 (On-Premises Edition)

(formerly Corporate Software Inspector)

Release Notes

May 2018

Introduction

Flexera’s Software Vulnerability Manager 2018 is a Vulnerability and Patch Management Software Solution that facilitates a customized Patch Management process. It combines Vulnerability Intelligence, Vulnerability Scanning, and Patch Creation with Patch Deployment Tool Integration to enable targeted, reliable, and cost-efficient Patch Management.

Vulnerability and Patch Management are critical components of any security infrastructure because it enables proactive detection and remediation of vulnerabilities before they are actively exploited and your security compromised. With Software Vulnerability Manager 2018, IT Operations and Security Teams are empowered to prevent vulnerability threats from both Microsoft and non-Microsoft (third-party) product vulnerabilities, covering Microsoft Windows, Mac OS, and Red Hat Enterprise Linux.

Software Vulnerability Manager 2018 integrates seamlessly with Microsoft® WSUS and System Center Configuration Manager.

New Features and Enhancements

Software Vulnerability Manager 2018 R2 (On-Premises Edition) includes the following new features and enhancements:

Product Name Change - Software Vulnerability Manager 2018
General Data Protection Regulation (GDPR) Compliance
Support for CVSS version 3 score
Storing of missing/installed KBs reported for each scan
Reporting of domain site name for Mac OS X devices
New view to support reporting of IP/MAC address

Note • To see the following new features and enhancements in your Software Vulnerability Manager 2018 interface, you must refresh your browser’s cache.

Product Name Change - Software Vulnerability Manager 2018

Over the years, we have had great feedback from our customers that they are interested in building repeatable processes for the management of software vulnerabilities. As the product has evolved, we have outgrown our original name of Corporate Software Inspector. As you know, this powerful solution goes far beyond software inspection. To better reflect its broader scope, we are changing this solution’s name from “Corporate Software Inspector” to “Software Vulnerability Manager”. This change is a superficial one, but it helps better convey our solution as the complete vulnerability management solution that it represents. For more on where we started, are today and plan to go with Software Vulnerability Manager, read this short article on this change at our blog.

General Data Protection Regulation (GDPR) Compliance

To comply with the European Union’s General Data Protection Regulation (GDPR), folder names that contain user names (Example: C:\Documents and Settings\Username) are now referenced using environment variables instead of hard-coded paths (Example: %HOMEPATH%).

In Configuration > Settings > Mask paths that show user names, users can select Enable Masking to turn on the GDPR functionality of masking user name information (CSIL-8552).

Support for CVSS version 3 score

Support has been added to display CVSS scores using the newer v3 standard. Starting on May 18th, Flexera’s Secunia Research will begin entering all new CVSS scores using the v3 standard. Once we begin supplying CVSS v3 scores, you will be able to differentiate them from v2 score visually; values will be preceded by a “v2” or “v3” to indicate the scoring standard used to generate the value as indicated below (CSIL- 8589).

For more on CVSS, see https://nvd.nist.gov/vuln-metrics/cvss

Storing of missing/installed KBs reported for each scan

Missing and installed KBs reported by scans will be stored in a new table “csi_scan_kb”. This data will help debug vulnerabilities for Microsoft products. Users can export this data via the Database Console under Reporting (CSIL-8510).

Reporting of domain site name for Mac OS X devices

If the Active Directory integration option has been enabled, then the Mac OS X Agent will report the actual domain name for the site name (CSIL-8446).

Note • The Mac OS X Agent has to be installed by the user who has access to read domain information.

As of this release, Software Vulnerability Manager 2018 supports the following Mac OS X systems:

10.8 Mountain Lion
10.9 Mavericks
10.10 Yosemite
10.11 El Capitan
10.12 Sierra

New view to support reporting of IP/MAC address

Currently if users have selected to Allow Collection of Network Information, they can access the IP/MAC addresses reported in the latest assessment via the table “vw_csi_devices” (CSIL-8627).

Resolved Issues

Software Vulnerability Manager 2018 R2 (On-Premises Edition) has resolved the following issues:

Mac OS X Agent fix for Google Drive
Automatic logout after a password change

Mac OS X Agent fix for Google Drive

Certain Mac machines installed with MenuMeters, Google Drive, or Box failed to scan using the SVM2018 Mac OS X Agent. This issue has been resolved (CSIL-8387).

Automatic logout after a password change

When users change their password, they will automatically be logged out of Software Vulnerability Manager 2018. This security measure helps prevent an attacker from remaining logged in on a separate computer after discovering the user’s initial username and password (CSIL-8598).

Product Feedback

Have a suggestion for how we can improve this product? Please come share direct feedback with the product team and vote on ideas submitted by other users in our online community at https://flexeracommunity.force.com/customer/ideas/ideaList.apexp.

System Requirements

To use the Software Vulnerability Manager 2018 console, your system should meet the following requirements:

Minimum resolution: 1024x768
Internet Explorer 11 or higher (Scan results can also be viewed from other browsers)
Internet connection capable of connecting to http(s)://csi_server_name/.
The http(s)://csi_server_name/ should be white-listed in the Firewall/Proxy configuration
First-Party cookie settings at least to Prompt (in Internet Explorer)
Allow session cookies
A PDF reader

Legal Information

Copyright Notice

Copyright © 2018 Flexera.

This publication contains proprietary and confidential information and creative works owned by Flexera and its licensors, if any. Any use, copying, publication, distribution, display, modification, or transmission of such publication in whole or in part in any form or by any means without the prior express written permission of Flexera is strictly prohibited. Except where expressly provided by Flexera in writing, possession of this publication shall not be construed to confer any license or rights under any Flexera intellectual property rights, whether by estoppel, implication, or otherwise.

All copies of the technology and related information, if allowed by Flexera, must display this notice of copyright and ownership in full.

Intellectual Property

For a list of trademarks and patents that are owned by Flexera, see https://www.flexera.com/producer/company/about/intellectual-property/. All other brand and product names mentioned in Flexera products, product documentation, and marketing materials are the trademarks and registered trademarks of their respective owners.

Restricted Rights Legend

The Software is commercial computer software. If the user or licensee of the Software is an agency, department, or other entity of the United States Government, the use, duplication, reproduction, release, modification, disclosure, or transfer of the Software, or any related documentation of any kind, including technical data and manuals, is restricted by a license agreement or by the terms of this Agreement in accordance with Federal Acquisition Regulation 12.212 for civilian purposes and Defense Federal Acquisition Regulation Supplement 227.7202 for military purposes. The Software was developed fully at private expense. All other use is prohibited.

Disclaimer

Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. The provision of such information does not represent any commitment on the part of Flexera. Flexera makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Flexera shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.

The software described in this document is furnished by Flexera under a license agreement. The software may be used only in accordance with the terms of that license agreement. It is against the law to copy or use the software, except as specifically allowed in the license agreement. No part of this document may be reproduced or retransmitted in any form or by any means, whether electronically or mechanically, including, but not limited to: photocopying, recording, or information recording and retrieval systems, for any purpose other than the purchaser’s personal use, without the express, prior, written permission of Flexera.