Software Vulnerability Manager

Release Notes

February 2018


Software Vulnerability Manager reimagines how software is secured by closing the gap between IT Security and IT Operations by providing industry leading security research, risk assessment and remediation through Software Vulnerability Manager’s key components:

Research: Keep up with the latest software vulnerability research and advisories from Secunia Research
Patching: Remediate software vulnerabilities in third-party applications
Assessment: Discover where software vulnerabilities are installed across your organization

New Features and Enhancements

The following table lists new features and enhancements for Software Vulnerability Manager. The Affected Module(s) column refers to the specific Software Vulnerability Manager module(s) affected by the new feature or enhancement.

Affected Module(s)

Feature or Enhancement Description



Online Help

Added custom paths to patch profiles under Patching > Profiles. Custom patch profiles may be specified to account for multiple or non-standard installation paths to aid in detection of such applications.

For the online help reference, see:


Online Help

If you select Hide rejected advisories under Settings > Account > Account Options:

The Advisory Type filter will not appear under Research > Advisory Database > Advisories.
The search result “No advisories found” appears under Research > Advisory Database > Rejected Advisories.

For the online help reference, see:


Online Help

Added Manual (External) Signing of Patches to support manual certificate signing processes.

For the online help reference, see:


Online Help

Under Settings > Workflow Management > Rules users can create an optional notification process for sending an advisory and ticket information after approval:

When Flexera issues an advisory for one of the watch lists, which require approval, an email and SMS are sent to the approver group to approve the advisory.
After the approval managers approve the advisory, an email is sent to all users in the approval group notifying that the advisory is approved.
The ticket resolver group receives the ticket details and the advisory as an attachment along with the SMS.

For the online help reference, see:



Under Patching > Packages, users can now select multiple Package names and click the Actions button to publish multiple packages.


All modules

To comply with the European Union’s General Data Protection Regulation (GDPR), folder names that contain user information (Example: C:\Documents and Settings\Username) have been concealed using environment variables instead of hard-coded paths (Example: %HOMEPATH%).


Resolved Issues

The following table lists resolved issues for Software Vulnerability Manager. The Affected Module(s) column refers to the specific Software Vulnerability Manager module(s) affected by the resolved issue.

Affected Module(s)

Issue Summary




The calculations for Advisories for Impact have been corrected for Report Tests that are generated under Analytics > Reports.



The Advisories released last year graph now resizes correctly to fit within the screen.


Vulnerability Manager

Users who are assigned the Watch List Reader role now have the user permissions to view Shared Watch Lists under Vulnerability Manager > Watch Lists & Advisories > Shared Watch Lists.



Recreated an automated process for collecting Red Hat Package Manager (RPM) file information for Red Hat vulnerability data.



Users can now suggest Mac OS software under Research > Products Database > Suggest Software.



To provide clarity and to be consistent with the Dashboard graphics’ labeling, the pie charts under Assessment > Overview have been labeled Devices - System Score and Products - Status.



When downloading CSV files in the Assessment module, the CSV files now include the following results to match the User Interface (UI):

Operating System column is present in the CSV file.
Inventory Source column is present in the CSV file.
Inventory System column is not present in the CSV, as it is not present on the UI.
The data in the CSV is now in the same order as on the UI.
The column names match with the names on the UI.



Under Research > Advisory Database > Advisories users can open Secunia Advisories in the SAID column. After opening the advisory, user can open the link in the Secunia CVSS Scores field to modify the Environmental Score Metrics > General Modifier Metric > Set the Percentage of vulnerable system (TargetDistribution) to None. The overall CVSS score now appears as zero.



Users are now able to select Publish selected packages under Patching > Packages > Actions.



Research reports generated under Analytics > Reports > Add Research Report create a CSV and a PDF file. The list of advisory data now matches between the CSV and PDF files.



Under Settings > User Management the group to which a user belongs to can now be updated by another administrator account.



Adobe Flash Player NPAPI and PPAPI packages were showing up on hosts that do not need the packages because NPAPI and PPAPI file names have version numbers, which are not supported by WSUS. To address this issue, NPAPI and PPAPI are now detected based on their registry version key.


Vulnerability Manager

When using the filter option under Vulnerability Manager > Ticketing, users can enter a SAID number in the SAID field of the filter. The Reset button now clears the SAID field.



When all the devices in a Device List have a System Score and the user selects the Unknown or Not Calculated filter for a device Under Assessment > Devices > Device List the result is now a null result.

The correlating null result for the Unknown or Not Calculated filter is now also reflected in the Devices by System Score pie chart under Analytics > Devices.



System Requirements

The Software Vulnerability Manager User Interface will resize and adapt when being used on different devices. You can access the system from anywhere using any device, such as a smartphone or tablet, running Internet Explorer 11 or higher, Chrome, Opera, Firefox, Safari and mobile browsers with an Internet connection capable of connecting to

Legal Information

Copyright Notice

Copyright © 2018 Flexera.

This publication contains proprietary and confidential information and creative works owned by Flexera and its licensors, if any. Any use, copying, publication, distribution, display, modification, or transmission of such publication in whole or in part in any form or by any means without the prior express written permission of Flexera is strictly prohibited. Except where expressly provided by Flexera in writing, possession of this publication shall not be construed to confer any license or rights under any Flexera intellectual property rights, whether by estoppel, implication, or otherwise.

All copies of the technology and related information, if allowed by Flexera, must display this notice of copyright and ownership in full.

Intellectual Property

For a list of trademarks and patents that are owned by Flexera, see All other brand and product names mentioned in Flexera products, product documentation, and marketing materials are the trademarks and registered trademarks of their respective owners.

Restricted Rights Legend

The Software is commercial computer software. If the user or licensee of the Software is an agency, department, or other entity of the United States Government, the use, duplication, reproduction, release, modification, disclosure, or transfer of the Software, or any related documentation of any kind, including technical data and manuals, is restricted by a license agreement or by the terms of this Agreement in accordance with Federal Acquisition Regulation 12.212 for civilian purposes and Defense Federal Acquisition Regulation Supplement 227.7202 for military purposes. The Software was developed fully at private expense. All other use is prohibited.


Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. The provision of such information does not represent any commitment on the part of Flexera. Flexera makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Flexera shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.

The software described in this document is furnished by Flexera under a license agreement. The software may be used only in accordance with the terms of that license agreement. It is against the law to copy or use the software, except as specifically allowed in the license agreement. No part of this document may be reproduced or retransmitted in any form or by any means, whether electronically or mechanically, including, but not limited to: photocopying, recording, or information recording and retrieval systems, for any purpose other than the purchaser’s personal use, without the express, prior, written permission of Flexera.