Forum Discussion

Cirrus

Apr 09, 2019

Solved

Vulnerabilities file doesn't contain Vulnerabilities Found And Verified By Qualys

The client ran a Qualys scan using Scanner 10.5.59-1, Vulnerability Signatures 2.4.576-2 (as I can see from the XML). The F5 is running 12.1.3.3. Build 0.0.1 Point Release 3. Every time the XML is up...

samstep
Apr 26, 2019
Please make sure you are importing Qualys Web Application Scan results file. The standard Qualys scan is about infrastructure vulnerabilities which cannot be mitigated by ASM. Ask your client to provide the Web Application Scan XML Report. From within Qualys they can obtain it by navigating to: Web Applications > View Report > Download > XML .

samstep

Cirrocumulus

Apr 26, 2019

Please make sure you are importing Qualys Web Application Scan results file. The standard Qualys scan is about infrastructure vulnerabilities which cannot be mitigated by ASM. Ask your client to provide the Web Application Scan XML Report. From within Qualys they can obtain it by navigating to: Web Applications > View Report > Download > XML .

Forum Discussion

Vulnerabilities file doesn't contain Vulnerabilities Found And Verified By Qualys

Recent Discussions

What happens if I only enable ASM in BIG-IP Under System > Resource Provisioning

What is the meaning is 52% block in WAF

Rundeck ansible F5 errors

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Related Content

Coordinated Vulnerability Disclosure: A Balanced Approach

OWASP Automated Threats - OAT-014 Vulnerability Scanning

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

Vulnerability CVE-2023-45648 in ApacheTomcat

Re: Mitigation of OWASP API6: 2019 Mass Assignment vulnerability using F5 Distributed Cloud Platform