IBM Support

IV97516: 'WHEN THE DESTINATION IS VULNERABLE TO CURRENT EXPLOIT ON ANY PORT' RULE TEST STOPS WORKING AFTER VULNERABILITY SCAN

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • It has been observed that when the "when the destination is
    vulnerable to current exploit on any port" rule test is
    configured to be used, the test stops working as expected after
    a vulnerability scan is completed until a restart of services
    is performed.
    

Local fix

  • Performing a 'Deploy Full Configuration' function after a
    vulnerability scan completes restarts the appropriate services
    to enable the rule test to function as expected.
    
    * NOTE - Performing a 'Deploy Full Configuration' causes an
    event/flow collection and User Interface outage until the
    required sevices are restarted.
    

Problem summary

  • This issue was fixed in QRadar QRM QVM release of 728 patch 14
    and 731 patch 5.
    

Problem conclusion

  • This issue was fixed in QRadar QRM QVM release of 728 patch 14
    and 731 patch 5.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV97516

  • Reported component name

    QRADAR SOFTWARE

  • Reported component ID

    5725QRDSW

  • Reported release

    728

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-06-26

  • Closed date

    2018-10-24

  • Last modified date

    2018-10-24

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    QRADAR SOFTWARE

  • Fixed component ID

    5725QRDSW

Applicable component levels

[{"Business Unit":{"code":"BU048","label":"IBM Software"}, "Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"728","Edition":""}]

Document Information

Modified date:
24 October 2018