Release Notes McAfee Vulnerability Manager 7.5.8

Transcription

1 Release Notes McAfee Vulnerability Manager About this release Resolved issues Installation instructions Known issues Find product documentation About this release This document contains important information about the current release. We strongly recommend that you read the entire document. Note See the McAfee Support website for the most latest documentation about this release. Purpose The patch fixes issues listed in the Resolved issues section and provides the latest libraries to fix OpenSSL vulnerabilities. Resolved issues These issues are resolved in this and previous releases of the product. MVM issues Correct operating system of an asset running on Windows 2012 is identified when you run a scan with credentials. ( , , , ) Correct vulnerability count is displayed on the Organizational trend count report dashboard. (981882) FASL script download resumes if the previous download session disconnected abruptly. (977350) TCP Services scan on all ports using the Full Connect Scan option does not fail with the Windows socket error (986444) Accepts SNMP Command for ticket verification. (987131) Paused time is no longer added to the host assessment time to avoid early time-out. (984466) FASL script updates to the scan engine do not fail or take a longer time. (988240) A scan does not fail when asset addresses of a host exceed the value range of a smallint (0 65,535) characters length. ( ) Tickets do not close automatically for Shell and Windows authentication based scans even when the authentication ports are blocked. (975621) Duplicate assets are no longer added to the MVM database. ( , ) Windows policy settings on the Policy Manager page can be updated. ( ) Vulnerability Count by Severity and Vulnerability Count Trend dashboards display consistent data. (974548) The Vulnerability Count by Severity dashboard does not contain deleted asset data. ( ) Discovery timeout value can be tweaked to avoid scan failures due to simultaneous scans. ( ) Custom reports include data about IP addresses of the active and inactive assets when a single date report is generated with Use Most Recent Data. ( ) Correct date and time are displayed on the drill-down page of the Vulnerability Count by Severity dashboard. ( )

2 Exported FASL scripts contain the value for Credentials Required. ( ) Blocked services data is not included in a custom report with Use Most Recent Data. ( ) PCI-based scan displays the correct result. ( ) MVM is now integrated with the out-of-box CyberArk 7.2. (973822) Multiple instances of vulnerabilities for the same asset are added in reports. ( ) Duplicate FASL scripts are not downloaded to scan engine. ( ) Some scripts that require Null/None credentials display correct results when scanned. (973361) MVM issues Provides a tweak to disable edit permissions for Workgroup admin accounts to change or delete scripts on the FASL editor. (896779) Scans do not fail when a web asset is added using the Browse option on the scan configuration page. (945267) Correct scan engine is displayed for scans that are scheduled to run in future. (946284) Tickets for vulnerabilities with Indeterminate results do not close automatically. (947361) Consistent asset data is imported even when using multiple LDAP data sources simultaneously. (950722) Custom reports include Vulnerability reports even when a single date report is generated with a specific date instead of the Use Most Recent Data option. (950764) User activities of deleted users are not logged in Ticket Activity. (952020) notifications for scan end display correct end time instead of incorrectly reporting the scan start time. (952020) A warning message to enter password no longer appears when the scan is configured to use Shell credentials with certificates and not a password. (952649) Results of running McAfee epo queries on asset tags do not include assets from Custom Report Templates even when they share a common name. (955815) Users can now be created with the password containing all supported special characters. (956093) A domain user can now log on using radius authentication and by symbol in the user name field. (963035) Custom reports generated in PDF format display correct report generation time. (963048) Provides a tweak to enable bulk import for CyberArk user credentials using a CSV file. (964042) Results of running MVM System Vulnerabilities query also include CVE data. (972800) Custom reports include data about IP addresses of the assets even when a single date report is generated with a specific date instead of the Use Most Recent Data. (954792) Scans do not fail with the error Missing FASL script after publishing custom scripts. (977967) Correct status message is displayed when there is a delay in applying dynamic tags to many assets. (957157) Scans report the correct operating systems of non-window assets instead of reporting their operating system as Windows. (980501) MVM issues Fixed the Vulnerability Check Configuration Report to display "FID" instead of "ID". Fixed the minutes to seconds conversion that determines the duration of the Transform.exe operation. Enhanced the report server to support the more compact form of the vulndatabase.xml content update file. Fixed empty CVE entry in the CyberScope report. Fixed Discovery module to select the source IP address most appropriate for the determined best route to the target.

3 Fixed hang condition in the Web Scanner engine by detecting and disallowing unsupported self-referring objects. Fixed premature web scanner process termination. Fixed the statistics shown in the Asset Identification Rules display. Fixed issues with creating unnamed WebApp, CredentialSet, and VulnSet with the scan configuration's organization instead of the logged in user's organization. Also unnamed WebApp are removed, when deleting a scan configuration. Fixed the scan post processing to select stale address entries as deletable and updated the search/query operations to ignore these address entries. Fixed reporting of duplicate services. Fixed the OVAL compare function between a multi-string state entity object and a multi-string variable reference. Fixed deadlock detection in FSAssessment when all queued batches have completed assessment but memory usage beyond the maximum threshold prevents the processing of additional batches. Fixed WHAM module to reduce the frequency of the close-connection log messages. improved its performance when running on networks with significant network latency. MVM issues Fixed Solaris OVAL Checks to capture results for processes that have started (oval-solaris.fasl3.inc). Fixed Cyberscope formatting by removing extra white space in: "cpe:/a:mcafee:vulnerability_manager:7.5.4" Fixed the engine selection/de-selection to give GlobalAdmin and OrgAdmin users the capability to add engines to a workgroup regardless of whether the engine is in use in the parent organization. Fixed warning message on deleting workgroups to include Web App Configs and Credential Sets as components that can prevent a user from being able to delete a workgroup. Fixed launching of shell scripts to randomize sequence and fixed timeout after submitting batches to FSAssessment for processing. Fixed the SQL datetime conversion error by changing the date format to be language-agnostic for the McAfee epo data synch operation. Fixed asset tagging based on vulnerability name. Improved the performance of the Dashboard display when the "Save Vulnerability Data" retain setting is configured with "All". Fixed scan engine to support enabling the Remote Registry service on WIN2K3 and WINXP targets. MVM issues Fixed the result processor to compute the FASL output hash regardless of the "System cryptography" local security policy setting. Fixed the web module access violation while parsing the web application URL. Fixed organization deletion so that credential sets are not deleted unless they are defined in the organization. MVM issues Fixed the asset IP address save operation to eliminate duplicates. Fixed MVM Data Import using McAfee epo data source filter. Improved the performance of the save scan. Fixed the asset advanced search to allow at least 10 IP addresses in the search criteria. Fixed the delete user operation to preserve the ticket status when possible. Fixed close ticket operation when invoked from SNMP.

4 Fixed violation of PRIMARY KEY constraint 'TagAssetsPK' error on scan startup. Fixed the Foundstone Notification Service crash when using SNMP. Extended the timeout for workgroup delete operations. Fixed the script return code to indicate non-vulnerable when the target OS does not match the script 's filter. Fixed the crash in FSAssessment.exe when logging long diagnostic messages. Fixed ticket verification when the target is unreachable. Fixed first found and last found dates in the CSV reports. Fixed Report Server transform process error due to premature timeout. Fixed CSV-only ed reports to exclude extraneous folder. Fixed report server crash while generating custom HTML report. Fixed scan description text. Fixed primary/secondary phone number text validation. Fixed the report generation schedule editor to preserve the recurring report generation schedule. Fixed SQL Server error when creating a Dynamic tag based on multiple IP addresses. Fixed Web Module authentication when using NTLM. MVM issues Fixed asset reconciliation to ignore previous (stale) IP address entries. Fixed MyFoundscore display in Enterprise Manager for workgroup administrators. Fixed possible XSS injection. Fixed Vulnerability Set filter for the "Patch Availability" condition. Fixed the error handler for the TCP banner grabbing in the Discovery module. Improved the performance of the WebModule XML result file generator and added logging of MVM build number in the "fsa" log file. Fixed the error "violation of primary key constraint" reported by stored procedure "ReconUpdateAssetProperties_Service_Vuln". Fixed OS identification to show 'R2' as it applies to Windows Server Updated the "Preferences" dialog box in the Foundstone Configuration Manager application to accept 548 as the maximum of days (approximately 1.5 years or 18 months). Fixed scan controller loop when the scan is finishing and the user who started the scan has been moved or deleted. Fixed detection of available network stacks before each scan and log diagnostic message if the required stack is not available. Fixed scanning of Windows8 and Windows2012 targets. Fixed TNS service protocol detection. Fixed OS filter in the Wireless module. Fixed retrieval of version number from remote files. MVM issues Fixed infinite loop in Discovery module during TCP/UDP fingerprinting. Fixed form authentication using a credential that includes the character "ñ".

5 Fixed FSAssessment crash in the FASLModule. Fixed date format specification for the FSUpdate table SQL query. Fixed XCCDF Benchmark reports for STIG templates. Fixed date conversion error while updating the job state on a British-English SQL Server. Fixed the MVM Data Import task invoked by the MVM extension. Fixed the Vuln Set rule editor to hide the preview button until the editor has completed processing. Fixed the workgroup-delete operation to display an error when the delete fails. Fixed the role editor to allow the viewing of the complete organization tree. Fixed the FASL engine script launcher to avoid running too many scripts simultaneously against a single target. Fixed Dashboard Risk Trend Graph not Loading. Fixed premature timeout determination made by the API and script monitoring object and improved its performance when running on networks with significant network latency. Installation instructions For information about installing or upgrading McAfee Vulnerability Manager, see McAfee Vulnerability Manager 7.5 Product Guide. Known issues For a list of known issues in this product release, see this McAfee KnowledgeBase article: KB Find product documentation After a product is released, information about the product is entered into the McAfee online Knowledge Center. Task 1 Go to the Knowledge Center tab of the McAfee ServicePortal at 2 In the Knowledge Base pane, click a content source: Product Documentation to find user documentation Technical Articles to find KnowledgeBase articles 3 Select Do not clear my filters. 4 Enter a product, select a version, then click Search to display a list of documents. Copyright 2015 McAfee, Inc. Intel and the Intel logo are trademarks/registered trademarks of Intel Corporation. McAfee and the McAfee logo are trademarks/registered trademarks of McAfee, Inc. Other names and brands may be claimed as the property of others.