Jul 28, 2022
01:59 AM
Great news specially with the tracking option as this was a gap always to know what we did and the status of it 😀
... View more
Jun 02, 2022
02:52 PM
any ideas on what is needed to get this working on-premises? I can't get WSUS to connect in IEMode. works fine in IE. Maybe I'm missing an additional url for the WSUS pop up? we are using http://x.x.x.x/CSI
... View more
Apr 01, 2022
05:33 PM
4 Kudos
@TeriStevenson,
I responded to a similar question that you posted on Data Platform blog. Please take a look and let us know if you have any further questions.
... View more
Jan 13, 2022
06:57 AM
@Howardmp We only deploy all Redhat this Friday the new agent. The 7.6.0.18 was able to find already log4j1.2. We will only see if more comes in after 7.6.0.19 went out. Mac, we not really use and only limited scope. Lukas
... View more
Dec 16, 2021
06:38 AM
1 Kudo
If you don’t see anything, it is because no products with known vulnerabilities are found. You can expect new disclosures on a daily basis, so keep watching.
Shoggi is correct in his statement above. I just wanted to point out that it is not the intent of SVM to scan jar files—it not a product deficiency but rather, is out of scope. SVM focuses exclusively on assessing known vulnerable software versions. It uses file signatures to determine the presence of known vulnerable software versions and matches that with research and patches to help you identify and remediate such. So, if Log4j is installed on a system, we will detect it, but that is not typically how Log4j is distributed—rather it is included as a component of another third-party application. In such a case, it will be identified as vulnerable if/when the software including it is disclosed as vulnerable, we write an advisory and create a file signature to detect it.
That said, we are prioritizing a potential product enhancement that would allow SVM to provide an awareness report to identify specific components like Log4j embedded within your installed software. This would be a new use case for SVM as it would help provide awareness, but you would not be able to remediate it by patching as SVM is traditionally leveraged. This is due to the fact that the product bundling the component is what needs to be patched, so this would be a new reporting-focused use case versus a patch-focused one. Actually patching a vulnerable component will continue to require targeting the application that is shipping the component, versus the component itself.
... View more
Dec 13, 2021
07:46 AM
1 Kudo
Lucas,
The SVM only scans DLL, exe, and ocx files and cant scan and report on .jar files. At this point, we strongly recommend you contact the official product vendor and follow the vendor's official remediation process. From the SVM perspective, we have issued a couple of advisories covering CVE-2021-44228. For example SA105668 Debian update for apache-log4j2 SA105493 VMware Multiple Products Apache log4j JNDI Arbitrary Code Execution Vulnerability SA105503 Cisco Multiple Products Apache log4j JNDI Arbitrary Code Execution Vulnerability SA105528 Debian update for apache-log4j2 SA105630 Apache log4j JNDI Arbitrary Code Execution Vulnerability
... View more
Sep 29, 2021
01:51 PM
It is not publicly available yet but is scheduled to be in just a couple of weeks (in October), however, if you'd like to meet sooner, I'd be happy to show it off and get your feedback.
... View more
Mar 12, 2021
07:42 AM
Sorry for any confusion, as a back end data update, this change took place for the Threat Intelligence module for both SVR and SVM simultaneously. We happened to time it with the release of an SVR update but, as I tried to highlight in the title of this announcement, it affects both SVM and SVR.
... View more
Jan 21, 2021
01:47 PM
1 Kudo
Thank you for the kind words @gareth_moss ! And for an excellent question. I will be moving any ideas from this thread into the new "Ideas" area down the road, with the hopes that it might be done by the author's of those ideas directly. That way, you get notified of status changes, etc. (and also have a chance to elaborate on earlier requests)!
For all:
I would appreciate you posting your ideas directly so that you are the author of the idea.
General tip:
Please try to include the reason for the request-- what problem would the enhancement help to solve? Why is it important? Providing a solution without ensuring an understanding of the problem it will solve makes it harder to assign value to a request.
... View more
Dec 09, 2020
02:41 PM
[IMPORTANT UPDATE: 9 December 2020] Great news - Our Flexera customer and partner community now have a direct opportunity to share ideas and participate in future feature planning. Learn more and add your ideas via the Ideas Portal moving forward. Please note if you have added an idea to this discussion, we will migrate the idea to the new portal and notify you once it's been done. Thank you to everyone for active participation!
... View more
May 19, 2020
02:43 AM
4 Kudos
Great to see that you listen to customer voice 🙂 Thanks for approving the enhancement.
... View more
Oct 02, 2019
02:32 PM
2 Kudos
Hi, I have tried it. Just it might help customers with more then one account in the cloud. Just the solution we've asked is still not possible. I can filter now by dedicated host smart group + product smart group. But then you end up with either Get products or get hosts csv files. We wanted to see all devices within Host Smart Group e. g. Win10 devices only and show then the unsecure software for this host smart group of the product smart group. This is still not possible. Regards Lukas
... View more
Latest posts by Shoggi
Subject | Views | Posted |
---|---|---|
185 | Jul 28, 2022 01:59 AM | |
487 | May 24, 2022 09:38 AM | |
1147 | Jan 13, 2022 06:57 AM | |
8541 | Jan 12, 2022 02:18 PM | |
1183 | Jan 11, 2022 01:31 PM | |
1227 | Jan 05, 2022 01:05 PM | |
795 | Dec 16, 2021 02:42 AM | |
713 | Dec 13, 2021 06:42 AM | |
41421 | Dec 13, 2021 02:52 AM | |
955 | Sep 29, 2021 09:25 AM |
Activity Feed
- Posted Re: SVM July 2022 Update on Software Vulnerability Management Release Blog. Jul 28, 2022 01:59 AM
- Posted Re: Flexera SVM and Microsoft Internet Explorer EoSL on Software Vulnerability Management Blog. May 24, 2022 09:38 AM
- Posted Re: SVM December Update for Log4j Detection on Software Vulnerability Management Release Blog. Jan 13, 2022 06:57 AM
- Posted Re: Flexera’s response to Apache Log4j vulnerabilities CVE-2021-4104, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44228 on Community Notices. Jan 12, 2022 02:18 PM
- Got a Kudo for Re: Flexera’s response to Apache Log4j vulnerabilities CVE-2021-4104, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44228. Jan 12, 2022 02:18 PM
- Posted Re: SVM December Update for Log4j Detection on Software Vulnerability Management Release Blog. Jan 11, 2022 01:31 PM
- Posted Re: SVM December Update for Log4j Detection on Software Vulnerability Management Release Blog. Jan 05, 2022 01:05 PM
- Posted Re: Identifying Apache Log4j JNDI Vulnerability “Log4Shell” (CVE-2021-44228, CVE-2021-4104) on Software Vulnerability Management Blog. Dec 16, 2021 02:42 AM
- Got a Kudo for Re: Identifying Apache Log4j JNDI Vulnerability “Log4Shell” (CVE-2021-44228, CVE-2021-4104). Dec 16, 2021 02:42 AM
- Kudoed Re: Security Advisory: Log4j Java Vulnerability (CVE-2021-44228) for raslam. Dec 13, 2021 07:49 AM
- Got a Kudo for Security Advisory: Log4j Java Vulnerability (CVE-2021-44228). Dec 13, 2021 07:24 AM
- Posted Security Advisory: Log4j Java Vulnerability (CVE-2021-44228) on Software Vulnerability Management Forum. Dec 13, 2021 06:42 AM
- Kudoed Re: Security Advisory: Log4j Java Vulnerability (CVE-2021-44228) for ChrisG. Dec 13, 2021 06:38 AM
- Posted Re: Security Advisory: Log4j Java Vulnerability (CVE-2021-44228) on Community Notices. Dec 13, 2021 02:52 AM
- Kudoed MSIX? AdminStudio Has You Covered for bkelly. Nov 04, 2021 05:47 PM
- Got a Kudo for Re: SVM September Update. Sep 29, 2021 12:21 PM
- Posted Re: SVM September Update on Software Vulnerability Management Release Blog. Sep 29, 2021 09:25 AM
- Kudoed EOL Status of Microsoft Products for bkelly. Jun 17, 2021 04:10 PM
- Posted Re: New and Improved Threat Scores in SVM and SVR on Software Vulnerability Management Blog. Mar 12, 2021 04:37 AM
- Posted Re: New and Improved Threat Scores in SVM and SVR on Software Vulnerability Management Blog. Mar 11, 2021 04:09 PM