Note:
This app version is intended for Unified Security Exposure Management (USEM), a significant architectural upgrade to the Vulnerability Response applications.
If you are currently using Vulnerability Response and upgrading to USEM for the first time, you must use the Migration assistant for Unified Security Exposure Management to ensure a safe and successful upgrade. For full details, please refer to the KB2556844 and documentation before proceeding.
If you do not intend to upgrade to USEM, please select a version below 30.x when installing or upgrading.
The Vulnerability Response application has been updated to correctly handle risk score recalculation when a risk change approval is in place. Previously, when a vulnerability scanner re-imported data, the system had no way to identify whether an approved risk change was an increase or a decrease, which could result in incorrect score adjustments. This update ensures the right risk score is applied consistently, even after a re-scan.
- Risk scores adjusted via an approved risk change are correctly maintained when vulnerability data is re-imported from a scanner
- The system accurately identifies the direction of an approved risk change (increase or decrease) to apply the correct score
- Works seamlessly alongside the Exception Management compensating controls workflow
New:
- Added support for preserving approved risk changes during vulnerability score recalculation.
Fixed:
- Fixed an issue where approved risk increases were not preserved after reimporting vulnerability scans.
- The following dependency plugins for Vulnerability Response must be activated:
- com.snc.vul_dep plugin for Vulnerability Response Dependencies
- The following Security Operations applications must be installed and activated:
- Security Integration Framework
- Security Support Common
- Security Support Orchestration
- Security Exposure Management (requires entitlement from the store)
- Permissions and roles
- Roles required:
- System Admin (admin) for installation
- For Configuration:
- Application Security Manager (User part of App-Sec Manager group) for Application Vulnerability Response
- For access to the Vulnerability Response Workspaces:
- IT Remediation Workspace: sn_vul.remediation_owner
- Roles required: