Note:
This app version is intended for Unified Security Exposure Management (USEM), a significant architectural upgrade to the Vulnerability Response applications.
If you are currently using Vulnerability Response and upgrading to USEM for the first time, you must use the Migration assistant for Unified Security Exposure Management to ensure a safe and successful upgrade. For full details, please refer to KB2556844 and the documentation before proceeding.
If you do not intend to upgrade to USEM, please select a version below 30.x when installing or upgrading.
Exception Management enables organizations to efficiently handle and document vulnerability exceptions. It provides a controlled process for requesting, reviewing, and approving exceptions to vulnerable findings, ensuring transparency and compliance. By automating workflows and capturing exception justifications, it helps reduce operational bottlenecks while maintaining risk visibility and audit readiness.
- Manual and Automated Exception Request and Approval Workflow - Streamline the process of submitting, reviewing, and approving exception requests with customizable workflows that ensure accountability and speed up decision making.
- Comprehensive Exception Tracking and Audit Trails - Maintain full visibility into all exceptions with detailed records of approvals, justifications, and timelines to support compliance and audit readiness.
Fixed:
- An issue where vulnerable items were not transitioning to a closed state after their associated detections were closed, because the exception rule scheduled job was not checking for the closed state on finding records.
- A performance degradation in USEM ingestion caused by redundant repeated queries to the findings configuration table during exception processing. A static method has been implemented for invocation that eliminates the unnecessary per-instance overhead.
- The bulk approve and reject modal incorrectly opening for non-eligible records. The fix prevents approvers from inadvertently acting on records that do not qualify for bulk processing. List view layout enhancements might improve usability.
- Resolved VIT records incorrectly remaining in a "Deferred" state after an Exception Rule was deleted, caused by deferral fields not being cleared properly during final state transitions.
- Fixed a security vulnerability where the "Design new questionnaire" UI action could be accessed by unauthorized users due to an ACL bypass, ensuring only permitted users can access questionnaire design functionality.
- Resolved multiple exception management issues in the Risk Reduction and Questionnaire approval flows, including incorrect state transitions and edge cases in approval handling.
Changed:
- Introduced Bulk Approve and Reject capability for approvers, enabling them to process multiple exception requests simultaneously from a single list view, which can help significantly reduce manual effort for high-volume approval workflows.
- Added new KPI tiles to the Exception Management dashboard for Expiring Exceptions, Exception Extensions, and Repeated Rejections, giving approvers and managers additional visibility into exception health and lifecycle trends.
- Exception Rule configurations can now be added to update sets, allowing administrators to capture and promote exception rule changes across environments as part of standard change management processes.
- Improved the Approval UI with clickable summary cards, providing a more intuitive navigation experience for approvers reviewing and actioning exception requests.
- Added support for category_roles in Smart Assessments and enabled quick editing of assessment templates, improving configurability of assessment-driven exception workflows.
- Removed unnecessary UI action buttons (Resolve and Close) from the new AVIT creation form, preventing user confusion and unintended actions on records that have not yet been fully saved.