IBM Support

AppScan Source Fix Pack 1 for version 8.7

Downloadable files


This document describes how to download and install IBM Security AppScan Source 8.7 Fix Pack 1 (AppScan Source version

Download Description

This fix pack contains various bug fixes for AppScan Source version 8.7.

IMPORTANT: AppScan Source is affected by a vulnerability in OpenSSL (CVE-2014-0160). We strongly encourage you to apply the latest iFix, which addresses that vulnerability. See for more details - and, after applying AppScan Source version, follow the instructions in for applying the iFix.


This fix pack can only be applied to Security AppScan Source version 8.7. See the product user assistance for information about upgrading previous versions to version 8.7 before applying this fix pack.

Supporting Documentation
Document Description
System Requirements A detailed list of the supported hardware, operating systems and information related to IBM and third party software requirements.
Knowledge Center Browse or search on-line information related to the deployment, configuration and usage of the product.

Installation Instructions

See the Fix pack installation topic in the IBM Security AppScan Source Installation and Administration Guide that accompanies the download. This topic is also available in the product Knowledge Center collection at The IBM Security AppScan Source Installation and Administration Guide can also be downloaded at

Download package

This fix pack is available at Fix Central. To obtain the fix pack, use the direct Download links below or follow these instructions:

  1. Go to

  2. Select Security Systems in the Product Group list. The Product list will then display.

  3. Select IBM Security AppScan Source in the Product list. The Version list will then display.

  4. Select in the Installed Version list. The Platform list will then display.
    (You can also select in the Installed Version list. If you do this, select the Show fixes that get me to this version ( radio button in the Identify fixes page (see Step 6 below).)

  5. Select the appropriate platform in the Platform list, then click Continue.

  6. You can accept the defaults on the Identify Fixes page and click Continue.
    (If you selected in the Installed Version list (see Step 4 above), select the Show fixes that get me to this version ( radio button in the Identify fixes page.)

  7. The available fixes (based on your prior selections) will be displayed. Select the check box next to the fix that you want to download and then click Continue to proceed.

  8. You are prompted to sign in using your IBM ID and password, click Continue.
    NOTE: There are helpful links on this page if you need to Register or if you do not remember your password.

  9. In the Download options page, select the download method (Download using Download Director (default) or Download using your browser). In this page, leave the Include prerequisites and co-requisite fixes check box selected. Click Continue to proceed.

  10. In the Download files page, make the necessary selections to obtain the media.
    NOTE: You might see a JavaScript enablement permission window requesting your IBM ID and password.

Problems solved

APAR Title
PM72446 Environment variables in ppf files are replaced with hardcoded path after import
PM73841 Lost sinks marked as validation routines still show up as lost sinks
PM84639 CLI's SASE command does not enforce access privileges for setting the ASE URL
PM71923 Console output and scanner_exceptions log on a Japanese OS contains odd characters
PM74280 Appscan source java.exe process still running after AppScan Source clients are terminated
PM70059 Custom rules are not always added to project file after creation
PM73369 SRC: ORA-01704 when publishing assessments
PM85837 ouncemake applies to .C files (C++) the FileOptions intended for .c files (C)
PM87127 Not being able to mark a virtual lost sink as "not susceptible to taint
PM87904 Virtual Lost Sink reported on non-virtual method
PM84637 After adding an additional file extension, file does not show up in Explorer view
PM85020 Jars on the classpath from project dependencies tab are incorrectly displayed on one line
PM85379 Custom Validation is not saved in SolidDB
PM85645 Doc Defect: Doc references Quality > Data Flow Analysis > C/C++ which does not exist

Download RELEASE DATE LANGUAGE SIZE(Bytes) Download Options
What is Fix Central(FC)?
Windows setup.exe 15 May 2013 English 376687323 FC
Linux setup.bin 15 May 2013 English 433999432 FC
Mac OS X setup.dmg 15 May 2013 English 299524437 FC

Technical support

Licensing Information

Consult How to obtain and apply licenses for AppScan Source products.

User assistance

Known issues can also be found in the AppScan Source product documentation. See Where to find documentation for AppScan Source.

Helpful Hints For Obtaining Technical Assistance

Before you contact IBM Security Software Support, gather the background information that you need to describe the problem. When creating the ticket, provide this information:

  • What operation did you performed - and what error messages have you received?
  • The background information needed to understand the issue.
  • Version of AppScan Source. Make sure that you are opening the ticket for AppScan Source (there are several AppScan products supported by different teams).
  • Impact of the issue on your organization, schedule, and deadlines.
  • Upload logs, screen captures, and background information for the ticket.

Problems (APARS) fixed
PM72446, PM73841, PM84639, PM71923, PM74280, PM70059, PM73369, PM85837, PM87127, PM87904, PM84637, PM85020, PM85379, PM85645

Document information

More support for: IBM Security AppScan Source

Software version:

Operating system(s): Linux, OS X, Windows

Reference #: 4034935

Modified date: 02 May 2014

Translate this page: