What's new in HCL AppScan® Enterprise
This section describes new AppScan Enterprise product features and enhancements in this release, as well as deprecations and anticipated changes, where relevant.
New in HCL AppScan® Enterprise 10.6.0
- AppScan Enterprise now displays CVSS vector for your issues
  - The Issue attributes window within the Monitor page now displays the Common Vulnerability Scoring System (CVSS 3.1) vector string along with CVSS version and score.
  - The CVSS 3.1 vector string is also included in the security report generated from the Monitor page.
- Enhanced CWE mapping
  - AppScan now maps multiple CWEs to issues in the Monitor tab. Every issue will now have a primary CWE and may also have additional CWEs that are relevant to the issue. This gives a wider perspective of the issue.
- Dashboard now enables deeper analytics capability
  - The Monitor page dashboard has been upgraded with additional filters for more in-depth analytics for your issues.
- New login page
  - A new login page has been implemented to improve the user experience.
- Added new industry-standard test policy:
  - OWASP Cloud-Native Application Security Top 10
- Added new Regulatory Compliance report:
  - Network & Information Security Directive (NIS2)
APAR fix list
The following Authorized Program Analysis Reports (APARs) were fixed:
| APAR No. | Description |
|---|---|
| KB0109261 | Unable to submit defects to RTC from scan tab. |
| KB0113413 | DTS server application: Creation of issue from ASE console is resulting in errors. |
| KB0113281 | Scan starting after the configured blackout period reports Unknown time zone error in some cases. |
| KB0110975 | AppScan Enterprise should handle the "Use settings from an imported file" setting correctly. |
| KB0112780 | "folderitems" REST API is not returning the error code after failure. |
Fixes and security updates
New security rules in this release include:
- attWPHelperLitePluginXSSCVE20230448 - Detection for CVE-2023-0448
- WordPressWBPUPluginXSSCVE202328665 - Detection for CVE-2023-28665
- WordPressLWPPluginXSSCVE202323492 - Detection for CVE-2023-23492
- attNoSQLInjection - Improved support for NoSQL vulnerabilities (demonstrated in crAPI)
- attCactiRemoteCommandExecutionCVE202246169 - Cacti Detection for CVE-2022-46169
- Vulnerable component database updated to version 1.4
This release's complete list of fixes, updates, and RFEs is listed here.
Changed in this release
- The Web Service Test Policy is now deprecated. While it remains functional, its use is discouraged as it will be removed in a future release.
- WebSphere® Application Server (WAS) Liberty Core updated to version 24.0.0.4.
- The jQuery library has been upgraded from version 1.8.0 to version 3.7.1.
Upcoming changes
- AppScan Enterprise is planning to upgrade to Java 17 in the next release.
- Starting with version 10.7.0, the licensing procedure is changing. This change doesn't impact existing usage. For more details and upcoming updates, please refer to the following resources: