How To
Summary
This document describes IBM Content Navigator's support policy for security vulnerabilities identified by third-party scanning tools.
Objective
Background
- As part of its Secure Engineering practices, IBM performs security vulnerability code scanning on all new major software product releases.
- For IBM's Cloud Pak and Red Hat certification processes, Docker images are scanned.
- Following our Continuous Delivery policy (https://www-01.ibm.com/support/docview.wss?uid=ibm10738757), we refresh our products on a regular basis.
- We regularly pick up the latest levels of all third-party products used, thereby ensuring that we have the latest vulnerability-scanned version of third-party products/components.
Support
- We will accept Support Cases (PMRs) for investigating high severity vulnerabilities identified by third-party scanning tools.
- However, before opening a support case, it is expected that the customer will have:
  - Reviewed and triaged their third-party scanning tool vulnerability reports to identify those items that are true positives and truly high severity. (This is documented in the IBM Support Handbook: http://lure.austin.ibm.com/webapp/set2/sas/f/handbook/getsupport.htm)
  - Run the scan on the most recent build of Content Navigator.
  - If unable to upgrade to the latest build, checked that the vulnerability is not already addressed in a newer version of the IBM Content Navigator product.
- In addition to providing the third-party scanning report that details the vulnerability(s), in some cases, it may be necessary for customers to provide a script or equivalent that exploits the vulnerability so that we can properly investigate it.
Document Location
Worldwide
Document Information
Modified date:
28 June 2022
UID
ibm16599317