Are Fortify SSC and SCA impacted by CVE-2024-38816 and CVE-2024-38819 via the "spring-webflux" and "spring-webmvc" jars?
Environment
SCA and SSC
Situation
Applications serving static resources through the functional web frameworks WebMvc.fn…
This KM explains how to delete an SSO user in SSC, and how to delete it directly in the database.
Environment
Fortify SSC version 23.x, 24.x
Situation
User would like to know how they can delete an SSO user on SSC, and the query to delete it on…
The service could not be restarted because there was not enough disk space. Docker's windowsfilter folder had grown and taken up almost all of the disk space.
Environment
SSC 23.1, SC DAST 23.1
Situation
After running a long time, the Docker's windowsfilter…
Users using SSO authentication cannot log in to SSC after the account that Tomcat runs as is changed.
Environment
Fortify Software Security Center (SSC)
Situation
Users using SSO authentication cannot log in to SSC after the account…
Running Tomcat9.exe gets OutOfMemory errors despite the maximum heap size for Tomcat being increased in Tomcat's configuration.
Environment
Fortify Software Security Center (SSC)
Situation
SSC is experiencing OutOfMemory errors despite…
Failed to seed all init seed bundles when trying to upgrade SSC 21.2 to SSC 23.1. The main error is “Invalid column name 'requiresComment'”.
Environment
SSC 23.1
Windows Server 2019
SQL Server 2019
Tomcat 9.0.82
Zulu 11.0.23+9 JDK…
Environment
Fortify Software Security Center (SSC) 24.4
Situation
CVE-2024-38821 has been reported for Spring WebFlux applications in which Spring Security authorization rules on static resources are bypassed under certain circumstances.…
Under some circumstances, suppressed issues can appear as not suppressed in subsequent scans of the same codebase
Environment
Fortify SSC
Situation
Under some circumstances, suppressed issues can appear as not suppressed in subsequent…
Summary How to increase the UnifiedLoginToken days to live default when an automatic renewal is wanted.
Products Fortify Environment Fortify Software Security Center (SSC)
Situation Is there a way to automate the renewal of the UnifiedLoginToken on…
Summary Attempting to log in to ScanCentral to upload a file for scanning, but tokens fail with error "update failed" or "token auth failed"
Products
Fortify Static Code Analyzer
Environment SSC ScanCentral…
Summary It is recommended to install the certificate before deploying SSC. There are some files and information that might get corrupted and this is one of the reasons for SSC not working as expected.
Products Fortify Static Code Analyzer Environment…
Summary Customer has 2 types of users, both authenticated via a Keycloak server. For one set of those users, Keycloak authenticates against an LDAP server; the other group is authenticated against a local database in Keycloak without LDAP. Keycloak does the…
Summary Unable to seed all init seed bundles error when trying to start SSC in Kubernetes
Products Fortify Environment Software Security Center (SSC) in Kubernetes
Situation The following error is received when trying to start SSC in Kubernetes: …
Summary How to disable SAML SSO Products Fortify Environment SSC
Situation Users are not able to log in after SAML SSO was enabled
Resolution Run the following query on the SSC database (please take a backup of it before running the query):
UPDATE…
Summary The Global Search field is not present in the Software Security Center interface because it was not chosen as a functionality during initial configuration of
Products Fortify Software Security Center Environment Software Security Center (SSC) - all…
Summary When the ScanCentral Controller tries to upload an FPR to SSC, the scancentralCtrl.log shows a "java.net.SocketTimeoutException: Read timed out"
Products Fortify Software Security Center Environment Fortify ScanCentral 22.1
Situation Scancentral…
Summary Versions created from a base version do not reflect the tags or changes made to the base version
Products Fortify Software Security Center
Environment Fortify Software Security Center
Situation When creating versions based on a base version…
Summary How to get the "History of Project Variables" from the API endpoint
Products Fortify Software Security Center Environment Fortify Software Security Center
Situation Customer is looking for a way to get the project variable history (That is a field…
Summary Audit.xml contained inside the FPR has only the data of modified or assigned application vulnerabilities
Products Fortify Software Security Center
Situation In some scenarios, the Audit.xml file appears to be empty. This happens when the user…
Summary SSC initial configuration was unable to complete because of an Oracle 19c database configuration and permission issue. Seed failed with the following error: "Unable to seed all init seed bundles - HHH000315: Exception executing batch". Products Fortify…
Summary There are some multi-version or multi-application reports, but there is no way to filter them by a specific vulnerability
Products Fortify Software Security Center
Situation Some customers would like to generate a single report containing multiple…
Summary What to check when no users are being pulled by SSC when LDAP is configured
Products Fortify Software Security Center
Read Full Support Tip Article here.
Support Article Reference Number (URL Name) KM000006026
Summary In this scenario Apache Tomcat appears to be running but SSC is not reachable
Products Fortify Software Security Center
Read Full Support Tip Article here.
Support Article Reference Number (URL Name) KM000006236
Summary Shows the process of how to reduce the size of the SSC database
Products Fortify Software Security Center
Read Full Support Article here.
Support Article Reference Number (URL Name) KM000005861
Summary The customer wants to know how to include custom report templates in Fortify SCA/AWB to be used by BIRTReportGenerator, and also how to include the custom report templates in Fortify SSC.
Products Fortify Static Code Analyzer Fortify Software…