Have you tried restarting the Patch automation daemon to refresh the token? Would you please open the patch automation toolkit and click close by checking the restart button? This will refresh the token and then try to publish the package again.  ... View more

Riaz,  We had issued a rejected advisory SA104049  covering both products on 13 September. Please find the details below.  Advisory Details: Description: A security notice has been issued for VMware Tanzu Ops Manager and VMware Tanzu Application Service for VMs, where an issue is rejected due to having no valid exploitation scenario. Reason for rating: 1) While the issue is present in the respective product, the vendor does not present any valid exploitation scenario. Original advisory: https://tanzu.vmware.com/security/usn-4719-1 Please look at the below link to learn why and how Secunia research rejects an advisory for specific products.  https://docs.flexera.com/svr/ug/Content/helplibrary/Rejected_Advisories.htm?Highlight=rejected -Raheel  ... View more

Ayush,  We already have an ongoing support ticket with Flexera SVM, and now we have replied to that ticket. We encourage you to log in to your Flexera Support community portal and respond to the ongoing  SVM support ticket.  ... View more

We might need a support ticket from your side to investigate this further. Would you please create a ticket via your Flexera Support Community account? We will schedule a call with you to investigate further.  ... View more

We did more investigation, and it seems like one of your watchlists where you have added a red hat as a vendor, and a red hat owns Cygwin product, so it is coming into your reports. We have successfully tested this internally. Please check all your watchlists if you have red hat added as a vendor and get back to us? ... View more

Would you please elaborate a little more about your issue? For example, how many products do you have in your watchlist and generated report has added which product is not on the watchlist? So we can try to reproduce it and get back to you accordingly.  ... View more

We detect the  Bootcamp product as an individual product with detection rules, etc., and therefore report it in the SVM console. This could be, your MAC is on the latest up-to-date version, but the Bootcamp product is still on old product version metadata.  ... View more

Hello,  We have investigated based on the information provided by you. Apparently, we have issued all advisories for the product which are available in our database. If any product is not available in our DB, we don't issue an advisory for that.  Please note: If the product is not part of our vulnerability database, we encourage our customers to suggest the product via SVR > Research > Product Database > Suggest Software. Once a product will be added to the database, we don't issue advisory retroactivity; instead, the customer will receive the future advisories for that product.  For example:  CVE-2021-33698 CVE-2021-33700 CVE-2021-33704 SAP Business One version 10.x is not available in our product DB, and therefore we haven't issued an advisory.  CVE-2021-33690 CVE-2021-33700 SA103633 ( Advisory issued) CVE-2021-33701 DMIS Mobile Plug-In is not available in our product DB SAP S/4HANA, we are still investigating and will get back to you.  CVE-2021-33705 CVE-2021-33703 CVE-2021-33702 SA103567 ( Advisory issued) CVE-2021-33699 SAP Fiori Client Native Mobile for Android is not available in our product DB CVE-2021-33691 CVE-2021-33690 SA103633 ( Advisory issued) CVE-2021-33695 SAP Cloud Connector, Version - 2.0 is not available in our product DB CVE-2021-21473 SA102509 ( Advisory issued) CVE-2021-33707 SA103634 ( Advisory issued) CVE-2021-33697 CVE-2021-33696 SA103576 ( Advisory issued) We hope this clarifies, and please make sure you have suggested the products via your SVR for future advisories.  Regards, Raheel  ... View more

Apologies for that. Unfortunately, we don't have 2FA for SVM. Please feel free to log it as an enhancement via your Flexera support Community Ideas page.  https://community.flexera.com/t5/Using-Flexera-Ideas/How-do-I-submit-a-new-Idea/ta-p/194157 ... View more

Are you sure you are logging in with the root admin account of SVR? Since we have just re-tested it and it works fine.  -Raheel  ... View more

We have checked the detection rules for the  Bootcamp product from the backend, and it looks correct. Have you checked the metadata of product versioning of Bootcamp from your latest up-to-date Mac machine? If the metadata of the file shows the latest version of the product, please try to create a case with Flexera SVM support so we can further assist you with that.  If the metadata shows the older version of the product, then SVM might be showing the right product status.  ... View more

 We believe you have disabled the 2-factor authentication for sub-users. Please login to your SVR account with the root admin account and go to Settings > Account > Security Policy and uncheck the  Disable two-factor authentication for sub-users option. The users can further log in with their respective accounts and check the status of 2-factor authentication from their user profile.     -Raheel  ... View more

Would you please share the screenshot from SVM of the version currently detecting in your environment?  ... View more

This could be an issue of Zombie files been detected by SVM.  Zombie  files are files that were left behind after removing or applying a product/patch. Software Vulnerability Manager will pick up these files since these are listed in the Software Vulnerability Manager file signature as related to an Insecure or End-Of-Life product. Select the Hide  Zombie  Files check box to ensure that  zombie  files will not be included in any scan results. With the Hide  Zombie  Files setting enabled, only the highest version of the discovered product will be displayed in the scan results. To activate the Hide  Zombie  Files setting, please go to configuration > settings, and then a new scan is needed to change the scan results.   ... View more

We have reverified the information. Apparently,  Path is skipped because it has "Installer" in the file path. There is a hardcoded rule not to scan a folder with the "Installer" List of other default blocked paths in the scan rules.  ... View more