AppScan Source Fix Pack 1 for version 8.7

Downloadable files


This document describes how to download and install IBM Security AppScan Source 8.7 Fix Pack 1 (AppScan Source version

Download Description

This fix pack contains various bug fixes for AppScan Source version 8.7.

IMPORTANT: AppScan Source is affected by a vulnerability in OpenSSL (CVE-2014-0160). We strongly encourage you to apply the latest iFix, which addresses that vulnerability. See for more details - and, after applying AppScan Source version, follow the instructions in for applying the iFix.


This fix pack can only be applied to Security AppScan Source version 8.7. See the product user assistance for information about upgrading previous versions to version 8.7 before applying this fix pack. If you are upgrading early product versions, technote 1455145: Upgrading from versions 6.x to version 7.0 or 8.0 contains additional information.

Supporting Documentation
Document Description
System Requirements A detailed list of the supported hardware, operating systems and information related to IBM and third party software requirements.
Knowledge Center Browse or search on-line information related to the deployment, configuration and usage of the product.

Installation Instructions

See the Fix pack installation topic in the IBM Security AppScan Source Installation and Administration Guide that accompanies the download. This topic is also available in the product Knowledge Center collection at The IBM Security AppScan Source Installation and Administration Guide can also be downloaded at

Download package

This fix pack is available at Fix Central. To obtain the fix pack, use the direct Download links below or follow these instructions:

  1. Go to

  2. Select Security Systems in the Product Group list. The Product list will then display.

  3. Select IBM Security AppScan Source in the Product list. The Version list will then display.

  4. Select in the Installed Version list. The Platform list will then display.
    (You can also select in the Installed Version list. If you do this, select the Show fixes that get me to this version ( radio button in the Identify fixes page (see Step 6 below).)

  5. Select the appropriate platform in the Platform list, then click Continue.

  6. You can accept the defaults on the Identify Fixes page and click Continue.
    (If you selected in the Installed Version list (see Step 4 above), select the Show fixes that get me to this version ( radio button in the Identify fixes page.)

  7. The available fixes (based on your prior selections) will be displayed. Select the check box next to the fix that you want to download and then click Continue to proceed.

  8. You are prompted to sign in using your IBM ID and password, click Continue.
    NOTE: There are helpful links on this page if you need to Register or if you do not remember your password.

  9. In the Download options page, select the download method (Download using Download Director (default) or Download using your browser). In this page, leave the Include prerequisites and co-requisite fixes check box selected. Click Continue to proceed.

  10. In the Download files page, make the necessary selections to obtain the media.
    NOTE: You might see a JavaScript enablement permission window requesting your IBM ID and password.

Problems solved

APAR Title
PM72446 Environment variables in ppf files are replaced with hardcoded path after import
PM73841 Lost sinks marked as validation routines still show up as lost sinks
PM84639 CLI's SASE command does not enforce access privileges for setting the ASE URL
PM71923 Console output and scanner_exceptions log on a Japanese OS contains odd characters
PM74280 Appscan source java.exe process still running after AppScan Source clients are terminated
PM70059 Custom rules are not always added to project file after creation
PM73369 SRC: ORA-01704 when publishing assessments
PM85837 ouncemake applies to .C files (C++) the FileOptions intended for .c files (C)
PM87127 Not being able to mark a virtual lost sink as "not susceptible to taint
PM87904 Virtual Lost Sink reported on non-virtual method
PM84637 After adding an additional file extension, file does not show up in Explorer view
PM85020 Jars on the classpath from project dependencies tab are incorrectly displayed on one line
PM85379 Custom Validation is not saved in SolidDB
PM85645 Doc Defect: Doc references Quality > Data Flow Analysis > C/C++ which does not exist

Download RELEASE DATE LANGUAGE SIZE(Bytes) Download Options
What is Fix Central (FC)?
Windows setup.exe 15 May 2013 English 376687323 FC
Linux setup.bin 15 May 2013 English 433999432 FC
Mac OS X setup.dmg 15 May 2013 English 299524437 FC

Technical support

Tab navigation

IBM Security Software Support Communities

  • Support Portal: Click the Support Portal tab above to begin configuring your support portal experience to review FAQs, lists of known problems, fixes, and a wealth of important support information.
  • IBM Security AppScan Source Support

AppScan Source licensing:

IBM Security AppScan Source provides a License Manager utility that is used for loading and updating license information on your client machine. This utility allows you to view your current license status - or you can use the utility to activate the product by importing a nodelocked license file or by using a floating license on a license server. Nodelocked licenses are tied to individual machines - while floating licenses can be checked out for use on different client machines.

The License Manager utility can be opened from the product installation wizard after installation is complete - or you can launch it from the Windows Start menu.

AppScan Source licenses are obtained from the IBM Rational License Key Center. For detailed information about obtaining licenses and license activation, see How to obtain and apply licenses for AppScan Source products and the Activating the software section of the IBM Security AppScan Source Installation and Administration Guide that accompanies the download. This topic is also available in the product information center at The IBM Security AppScan Source Installation and Administration Guide can also be downloaded at

Product Web site and features:

User assistance:

The AppScan Source Knowledge Center collection is available online at This help includes the product user guide PDFs and release notes.

General information about AppScan Source documentation can be found at Where to find documentation for AppScan Source.

Helpful Hints For Obtaining Technical Assistance:

Before you contact IBM Security Software Support, gather the background information that you need to describe the problem. When you describe a problem to an IBM software support specialist, be as specific as possible and include all relevant background information so that the specialist can help you solve the problem efficiently. To save time, know the answers to these questions:

  • What software versions were you running when the problem occurred?
  • Do you have logs, traces, or messages that are related to the problem?
  • Can you reproduce the problem? If so, what steps do you take to reproduce it?
  • Is there a workaround for the problem? If so, be prepared to describe the workaround.

If you have helpful information to diagnose or identify the problem on your system, you can provide this data by following the instructions to exchange information with IBM Technical Support.

Problems (APARS) fixed
PM72446, PM73841, PM84639, PM71923, PM74280, PM70059, PM73369, PM85837, PM87127, PM87904, PM84637, PM85020, PM85379, PM85645

Rate this page:

(0 users)Average rating

Add comments

Document information

More support for:

Security AppScan Source

Software version:

Operating system(s):

Linux, Mac OS X, Windows

Reference #:


Modified date:


Translate my page

Machine Translation

Content navigation