Vulnerabilities file doesn't contain Vulnerabilities Found And Verified By IBM AppScan

Question

This is what I got when I tried to import XML output from IBM AppScan to F5 ASM security policy (using vulnerability tool output). Did anyone got the same?&nbsp;

boneyard · Answer

did the appscan find vulnerabilities? have you checked the version? i seem to recall there was a version issue for one of the scanning vendors.&nbsp;

harshapotharaju · Answer

Here are the first two lines of XML.
 
Note: IBM AppScan is neither standard nor enterprise edition. It's in the cloud.

pk_bhatia · Answer

seems only supported version is standard edition. https://support.f5.com/csp/article/K14089&nbsp;

boneyard · Answer

very possible, probably the best is to contact your F5 sales about this and please report back.&nbsp;

harshapotharaju · Answer

The AppScan format that F5 supports is 9.0.3.1 and what we have is 2.42, Note that these are xmlExportVersions not xml versions. F5 Product Development has assigned ID 642185 to this issue and they have introduced the fix of this issue in version 13.0.1, which was released a week ago. Also they are trying to introduce the same fix for upcoming HFs' of other versions.&nbsp;
Thanks,&nbsp;
Harsha.&nbsp;

Forum Discussion

Vulnerabilities file doesn't contain Vulnerabilities Found And Verified By IBM AppScan

5 Replies

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

OWASP Automated Threats - OAT-014 Vulnerability Scanning

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

Vulnerability CVE-2023-45648 in ApacheTomcat

Re: Mitigation of OWASP API6: 2019 Mass Assignment vulnerability using F5 Distributed Cloud Platform

Reviewing vulnerability scanner results for an APM protected Virtual Server - part two