APAR status
Closed as program error.
Error description
In IBM Security Appscan Source Edition version 8.7.0.1, when the WAFL Globals Tracking Advanced Scan Configuration option is set to 'False' (the default for this release), some tracking of Global objects specified in the WAFL file will not be tracked and thus vulnerabilities will be missed. AppScan Source should generate an error that scan results will be incomplete where a Global object is detected and where WAFL Global Tracking is set to False and should suggest to enable this for more complete tracking of results.
Local fix
Problem summary
The wafl_globals_tracking option in AppScan Source defaulted to false, which could result in missed findings.
Problem conclusion
The default value for the wafl_globals_tracking option has been changed to true.
Temporary fix
Comments
APAR Information
APAR number
PM93986
Reported component name
SEC APPSCAN SRC
Reported component ID
5724Z3400
Reported release
870
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-07-28
Closed date
2013-11-07
Last modified date
2013-11-07
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SEC APPSCAN SRC
Fixed component ID
5724Z3400
Applicable component levels
R880 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSS9LM","label":"IBM Security AppScan Source for Automation"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"870","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Document Information
Modified date:
07 November 2013