Software Vulnerability Manager

Release Notes

October 2017

Introduction

Software Vulnerability Manager reimagines how software is secured by closing the gap between IT Security and IT Operations by providing industry leading security research, risk assessment and remediation through Software Vulnerability Manager’s key components:

Research: Keep up with the latest software vulnerability research and advisories from Secunia Research
Patching: Remediate software vulnerabilities in third-party applications
Assessment: Discover where software vulnerabilities are installed across your organization

New Features and Enhancements

The following table lists new features and enhancements for Software Vulnerability Manager.

Reference Number

Feature or Enhancement Description

SVM-97

Product logos now use the new Flexera logo.

SVM-116

Under Assessment > Devices > Device List there is a column titled Inventory Source. The Inventory Source option for CSI Agent now includes the agent version.

SVM-139

To keep terms consistent with Software Vulnerability Manager’s integration with FlexNet Manager Suite for Enterprises, the term “Asset List” has been changed to “Watch List” in the User Interface and online help files.

SVM-163

Software Vulnerability Manager’s Help menu now includes the online help link: http://helpnet.flexerasoftware.com/svm/Default.htm

SVM-164

Software Vulnerability Manager’s Help menu now includes release notes links:

Latest release notes: http://helpnet.flexerasoftware.com/#svm00
Earlier release notes: http://helpnet.flexerasoftware.com/#svm99

SVM-166 and SVM-167

The Software Vulnerability Manager API Help Library (http://helpnet.flexerasoftware.com/svm/api/Default.htm) was created to include the following API information:

Research
Assessment
Patching
Settings
HTTP Status Codes

SVM-168

Vulnerability Intelligence Manager 2016 offers XML email notifications once this permission-based option is enabled on the customer’s backend. Then the user can choose to receive emails in XML format from User profile > Personal Settings > Advisory type email.

SVM-176

Audit logs now create single login entries rather than duplicate entries.

SVM-186

The Research view filters in Software Vulnerability Manager are now listed in the same order as the Research view columns.

SVM-188

Added the following clarification to Chapter 2 of the Vulnerability Intelligence Manager 2016 R4 User Guide located in https://flexeracommunity.force.com/customer/CCDocumentation

Vulnerability Intelligence Manager 4 and SVM Research use separate databases for storing product and vendor information. Product and Vendor information from one database does not have a direct correlation to the other database.

SVM-190

Under Assessment > Devices > Device List the “EOL count” column has been renamed “EOL version”.

SVM-192 and SVM-193

Under Assessment > Devices > Device List the column order has been changed to:

Device Name
Platform
OS Version
System Score
Secure Products
Insecure Products
EOL Versions
Discontinued Products
Last Scanned
Inventory Source

Under Assessment > Devices > Device List the filter order has been changed to:

Device Name
Platform
OS Version
Has EOL Versions
Has Discontinued Products
Days since last Scan

SVM-196

Added the new Flexera logo to online help at http://helpnet.flexerasoftware.com/

SVM-197

On the Dashboard, the text “Delete” and the trashcan icon have been replaced with a red “X”.

SVM-200

Email notifications have the Software Vulnerability Manager product logo.

SVM-201

Browser tabs have the new Flexera logo.

SVM-204

If a machine has not checked in with Software Vulnerability Manager in 90 days, the machine will be removed from your view. If the machine checks in again, it will reappear.

Old downloads in each user account are now limited to the three highest versions of each download.

SVM-205

The definitions for Low, Medium, and High impact have been defined for the Create Watch List fields Confidentiality Requirement (CR), Integrity Requirement (IR), and Availability Requirement (AR).

SVM-206

Software Vulnerability Manager’s online help now includes a definition for Zero Day.

Under Assessment > Advisories > Advisory List > Advisory Details > Overview is a Zero Day field. Zero Day refers to a vulnerability that is actively exploited prior to its disclosure. A zero day is one criteria to increase criticality. For example, a typical “Highly Critical” vulnerability becomes an “Extremely Critical” vulnerability.

SVM-222

Under Vulnerability Manager > Ticketing there is a manual option to enter the user name who created the ticket in the Created by field in the Ticket Comments section.

SVM-253

Added Rejected Advisories information in the online help under Research > Advisory Database > Rejected Advisories.

SVM-264

In legal and copyright information, “Flexera Software” and “Flexera Software LLC” has been changed to “Flexera”.

Resolved Issues

The following table lists resolved issues for Software Vulnerability Manager.

Reference Number

Issue Summary

SVM-58

Corporate Software Inspector patch links have been resolved to create patch packages in Software Vulnerability Manager.

SVM-86

Celery settings were changed to process scan data within a couple of hours versus 24 hours.

SVM-90

Expired Software Vulnerability Manager accounts are deleted after three months.

SVM-92

APIs are disabled after an account expires.

SVM-93

In the Analytics console, reports are now generated per their custom schedule.

SVM-114

Duplicate PDF files are no longer generated in Analytics > Reports > Report Test > View Files > Generate PDF.

SVM-136

Searches under Research > Products Database > Products no longer append to existing search results when attempting a new search.

SVM-157

Under Settings > Workflow Management > Rules the notify user options Email, SMS, and Notify no longer display the Broadcast to Group option when the user selects “No”.

SVM-199

Coding comments have been removed from the Notification Center’s Notification field.

SVM-208

Mozilla Thunderbird patch now publishes to Microsoft’s Windows Server Update Services (WSUS).

SVM-238

Advisory and product views in the Assessment console have been corrected to show the correct number of installations.

SVM-242

Terms and Conditions hyperlink at the bottom of all the Software Vulnerability Manager pages now directs the user to the Flexera Terms and Conditions page: https://www.flexera.com/enterprise/company/terms/.

SVM-260

In the Research console, the “Upload File” option now successfully uploads CSV files that have software name, version, and URL in the file.

SVM-261

Under Patching > Deployment the Status option Loaded has been added to the filter list.

SVM-263

Updated online help with the following:

Added Delete option under Patching > Packages
Added Delete Deployment option under Patching > Deployment

SVM-273

Updated online help with the following:

Under Dashboard changed all the widget delete buttons to an X button.
Under Settings > Account added the Security Policy information.
Under Settings > Assessment > Download added the information for the Vulnerable Software Discovery Tool for Mac.
Under Analytics > Tickets > Tickets performance updated the graphic.

Product Feedback

Have a suggestion for how we can improve this product? Please come share direct feedback with the product team and vote on ideas submitted by other users in our Customer Community feedback page for Software Vulnerability Manager.

System Requirements

The Software Vulnerability Manager User Interface will resize and adapt when being used on different devices. You can access the system from anywhere using any device, such as a smartphone or tablet, running Internet Explorer 11 or higher, Chrome, Opera, Firefox, Safari and mobile browsers with an Internet connection capable of connecting to https://app.flexerasoftware.com.

Legal Information

Copyright Notice

Copyright © 2017 Flexera. All Rights Reserved.

This publication contains proprietary and confidential information and creative works owned by Flexera and its licensors, if any. Any use, copying, publication, distribution, display, modification, or transmission of such publication in whole or in part in any form or by any means without the prior express written permission of Flexera is strictly prohibited. Except where expressly provided by Flexera in writing, possession of this publication shall not be construed to confer any license or rights under any Flexera intellectual property rights, whether by estoppel, implication, or otherwise.

All copies of the technology and related information, if allowed by Flexera, must display this notice of copyright and ownership in full.

Intellectual Property

For a list of trademarks and patents that are owned by Flexera, see www.flexerasoftware.com/intellectual-property. All other brand and product names mentioned in Flexera products, product documentation, and marketing materials are the trademarks and registered trademarks of their respective owners.

Restricted Rights Legend

The Software is commercial computer software. If the user or licensee of the Software is an agency, department, or other entity of the United States Government, the use, duplication, reproduction, release, modification, disclosure, or transfer of the Software, or any related documentation of any kind, including technical data and manuals, is restricted by a license agreement or by the terms of this Agreement in accordance with Federal Acquisition Regulation 12.212 for civilian purposes and Defense Federal Acquisition Regulation Supplement 227.7202 for military purposes. The Software was developed fully at private expense. All other use is prohibited.

Disclaimer

Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. The provision of such information does not represent any commitment on the part of Flexera. Flexera makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Flexera shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.

The software described in this document is furnished by Flexera under a license agreement. The software may be used only in accordance with the terms of that license agreement. It is against the law to copy or use the software, except as specifically allowed in the license agreement. No part of this document may be reproduced or retransmitted in any form or by any means, whether electronically or mechanically, including, but not limited to: photocopying, recording, or information recording and retrieval systems, for any purpose other than the purchaser’s personal use, without the express, prior, written permission of Flexera.