IBM Security AppScan Enterprise fixpack 18.104.22.168 available at FixCentral
This document describes how to download and install the 22.214.171.124 Fix Pack for IBM Security AppScan Enterprise.
This fix pack synchronizes the versions across the AppScan product suite to simplify centralized management (the installation or updating of client components). AppScan Enterprise 9.0.3 fix pack versions are 126.96.36.199 (released on 04/26/16) and 188.8.131.52 (released on 10/26/16).
Note: This Fix Pack is a full release. You can use this Fix Pack to install AppScan Enterprise from scratch, or to upgrade your AppScan Enterprise from any earlier release as described in the attached readme file:
Check open mic recording from Nov 16, 2016: New features in AppScan Standard/Enterprise/Source version 184.108.40.206.
You can locate the Fix Pack on Fix Central using the following directions:
- Go to http://www.ibm.com/support/fixcentral/ and sign in using your IBM ID and password.
- Click the Select product tab, select Security Systems in the Product Group list, and click Continue.
- Select IBM Security AppScan Enterprise in the Product list.
- Select 220.127.116.11 in the Installed Version list.
- Select Windows or Linux in the Platform list, and click Continue.
- In the Identify fixes page, select Browse for fixes (or choose another search method), and click Continue.
- In the Select fixes page, select the check box "fix pack: AppScanEnterprise-Windows-18.104.22.168-platform name", and click Continue.
- Enter your Passport Advantage credentials on the Sign in page and click Continue.
- In the Download options page, choose your download method (Download Director or your browser), and click Continue.
Hardware and software requirements are available at: http://www.ibm.com/support/docview.wss?uid=swg27027541
Note: This Fix Pack, AppScan Enterprise version 22.214.171.124, shares documentation with AppScan Enterprise version 9.0.3.
The Interactive Installation Guide is available at http://www.ibm.com/support/knowledgecenter/SSW2NF_9.0.3/com.ibm.ase.help.doc/topics/roadmap_ase_install.html. A Planning & Installation Guide in PDF is available at the IBM Publications Center.
This section takes you through the steps to install the Fix Pack.
1. Navigate to the directory where you downloaded the executable and extract the complete contents of ASE.zip, including AppScanEnterpriseServerSetup_126.96.36.199.exe.
Note: The executables for the GSC Explorer (ASE_GSCSetup.exe) and the Manual Explorer tool (ManualExplorerSetup.exe) are included in the AppScanEnterpriseServerSetup_188.8.131.52.exe and available for download through the UI, but are also provided as optional separate downloads. If you install AppScanEnterpriseServerSetup_184.108.40.206.exe, you do not need to run the executables separately.
2. To install AppScan Enterprise Server, double-click AppScanEnterpriseServerSetup_220.127.116.11.exe and continue with steps 4-7 below.
3. To install the Dynamic Analysis Scanner, double-click ASE_DASSetup_18.104.22.168.exe and continue with steps 4-7 below.
How critical is this fix?
|PI68701||Generating detailed security report with more than 5000 issues could cause IIS to crash|
|PI68479||Export from AppScan Standard 22.214.171.124 creates job with 0 URLs and 13 reports only|
|PI66007||Zip module fails to save the zip of the database when FIPS-140-2|
|PI65989||Users with a Reporting User Floating license cannot create import jobs|
|PI65529||Some jobs are not properly upgraded with respect to DOM Similar and redundant path limit, not the Glass Box one|
|PI68723||AppScan removes the base from the URL when setting HREF attribute under base element|
|PI70867||False positive – XSS was reported even though it didn’t escape the surrounding apostrophes|
|PI66844||Advisory and Fix Recommendation for SRI (Subresource Integrity) support in localized languages are blank|
|PI66308||JSON parameters values are not tracked when the tested mutation is not applied on one of the body parameters|
|PI68237||Possible false positive detecting Authentication Bypass using HTTP Verb Tampering|
|PI65366||False positive "Directory Listing Pattern Found"|
|PI68070||False positive "Session Identifier Not Updated" issue|
|PI69426||URL is scanned and tests are sent to URL in folders above the directory of the Starting URL|
|PI68768||Login and logout pages are tested even when the "Send tests on login and logout pages" option is cleared|
Known side effects
· When uninstalling AppScan Enterprise on Windows 2012, the following services may appear as registered in the Services.msc dialog:
· IBM Security AppScan Enterprise Server
· IBM Security AppScan Enterprise Alert Service
· IBM Security AppScan Enterprise Agent Service
The associated files are removed during the uninstall process, but when you attempt to install AppScan Enterprise again, the installation will register the new services if these entries are still there.
You can manually remove the services by performing the following commands from the Windows command-line:
· sc delete "IBM Security AppScan Enterprise Server"
· sc delete "WFAlertSvc"
· sc delete "WFAgentSvc"
· To access the new interactive REST API framework, the AppScan Enterprise instance name must be called 'ase' (for example, https://<domain>:9443/ase/api/pages/apidocs.html).
· Use Microsoft Silverlight with Internet Explorer 8.0 to properly render Dojo functionality.
· When a scan job only has a recorded login (no Manual Explore or Starting URLs), the scan will not crawl below that page. Add at least one URL to the Manual Explore or Starting URL of the What to Scan page.
· If you upgrade a database from pre-8.8, and then click any existing job, the scan log will be empty. Rerun your jobs to generate a new scan log.
· When editing the Edit Application Profile Template page in IE 8/9, changes are not saved. Navigate away from the field you are editing and then back to it. Save your changes. Alternatively, upgrade your browser to IE11 or Firefox 38 ESR.
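For the leftover-service side effect described above, the following PowerShell sketch is an added example (not IBM's code) that reports which AppScan Enterprise service entries are still registered, flags those whose executable was removed by the uninstall, and deletes only those when asked. The `-Remove` switch and the `Get-ServiceBinary` helper are hypothetical names; the service names are the ones listed on this page.

```powershell
# Added example: find AppScan Enterprise service entries left behind after uninstall.
# Run from an elevated prompt. Without -Remove the script only reports.
param([switch]$Remove)

# Names from the page: the display names shown in Services.msc and the
# names passed to "sc delete".
$targets = @(
    'IBM Security AppScan Enterprise Server',
    'IBM Security AppScan Enterprise Alert Service',
    'IBM Security AppScan Enterprise Agent Service',
    'WFAlertSvc',
    'WFAgentSvc'
)

function Get-ServiceBinary([string]$PathName) {
    # PathName is either  "C:\dir\svc.exe" args  or  C:\dir\svc.exe args
    if ($PathName -match '^\s*"([^"]+)"')    { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $PathName
}

# Match on either the service key name or the display name.
$found = Get-CimInstance Win32_Service | Where-Object {
    $targets -contains $_.Name -or $targets -contains $_.DisplayName
}

foreach ($svc in $found) {
    $binary = Get-ServiceBinary $svc.PathName
    # Orphaned = still registered, but the uninstall removed the executable.
    $orphan = -not ($binary -and (Test-Path -LiteralPath $binary))

    [pscustomobject]@{
        Name        = $svc.Name
        DisplayName = $svc.DisplayName
        State       = $svc.State
        Binary      = $binary
        Orphaned    = $orphan
    }

    if ($Remove -and $orphan) {
        # Use sc.exe, not sc: in Windows PowerShell "sc" is an alias for Set-Content.
        & sc.exe delete $svc.Name | Out-Host
    }
}
```

Entries whose executable is still on disk are reported but never deleted, so the script is safe to run against a server where AppScan Enterprise is still installed.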
|Download||RELEASE DATE||LANGUAGE||SIZE(Bytes)||Download Options|
|AppScan Enterprise on Windows||26 Oct 2016||English||3674710639||FC|
|AppScan Enterprise on Linux||26 Oct 2016||English||261083791||FC|
What is Fix Central(FC)?
- Visit the AppScan Enterprise Support portal to review lists of known problems, fixes, and a wealth of important support information.
- If you have an issue with the AppScan product, open a support ticket (PMR) at Service Request.
- For quick questions, use the AppScan Enterprise Forum.
Licensing Information
Consult Licensing for AppScan Enterprise.
Helpful Hints For Obtaining Technical Assistance
Before you contact IBM Security Software Support, gather the background information that you need to describe the problem. When creating the ticket give the following information:
- What operation did you perform, and what error message did you receive?
- The background information needed to understand the issue.
- Version of AppScan Enterprise. Make sure you are opening the ticket for AppScan Enterprise (there are several AppScan products supported by different teams).
- Impact of the issue on your organization, schedule, deadlines.
- Upload logs, screen captures, and background information to the ticket (logs required for common troubleshooting issues).
Problems (APARS) fixed