Frontline Vulnerability Management (Fortra VM)

NOTE: As of version 7.0.0.0, Frontline Vulnerability Manager (Frontline VM) has been renamed to Fortra VM. See the Fortra VM release notes for updates released after this version.

February 2024

Version 7.0.0.0

February 28, 2024

New Features
  • This version of Fortra Vulnerability Management, formerly Frontline Vulnerability Manager, introduces new Fortra VM branding and integration with Fortra's platform.
  • Users will soon have access to Fortra IdP to simplify login, and to the Fortra Support Portal for support ticket submission and tracking, along with knowledge base articles and FAQs.
  • Frontline VM users will be seamlessly transitioned to Fortra VM over the coming months, with the opportunity to opt in to Fortra's platform with native SSO version once eligible.
Enhancements
  • Branding alignment:
    • Removed 'Frontline' verbiage throughout UI and reports
    • Theme changes for branding alignment
  • PCI Self Service:
    • CVSS Score of 4.0 assigned to auto-fail vulns with no associated CVE-ID.
    • Changed "3b note" to "Special Note (3b)"
    • Limited SSL/TLS auto-fails to a list of known vulnerabilities
  • Updated agent documentation on help site
  • Improvements added to vulnerability dictionary (additional information and filters)
  • Added support for switching account via API request
  • Allowed nested General accounts
  • Allowed entry of multiple phone numbers in a theme
  • Report auto-scaling for improved report generation speed / capacity
  • Account level settings to manage Fortra IdP eligibility and active status
Fixes
  • File upload requests redirect to login in platform
  • Build Report in Active View errors and fails to show dialog box

January 2024

Version 6.5.9.0

January 6, 2024

New Features
  • Support for 'ephemeral' vulnerabilities.
Enhancements
  • PCI Self Service:
    • List vulnerabilities by all CVE-IDs in part 3a of the ASV Scan Summary.
    • Add verbiage for auto-failures per ASV Program Guide 4.0r2.
    • Ensure "Special Notes" align with ASV Program Guide 4.0r2.
  • Delay report server shutdown until all current reports have completed.
  • Support physical devices for RNA Conversion pipeline.
Fixes
  • PCI Self Service:
    • Passing and Failed vulns are mixed when sorting by severity.
    • Components for 3b notes are maintained and displayed when not required.
    • ASV Scan Vulnerability Details report is consolidating vulnerabilities that are not the same.
    • ASV Scan Report Summary's Exceptions column needs to be on the same row as corresponding columns.
  • Correct the Agents CSV Export report errors.
  • Japanese translation error in Appendix D False Positive statement.
  • Scan Groups "+ Add Scan" disabled in WAS App when "Auto Generate WAS Scans" is enabled.
  • Custom path manually added pagevulns not carried forward in AV.
  • Shared user role not available to use for new accounts created in nested account tree.
  • WAS Scan Template Tuning Policies always shows default policy.

December 2023

Version 6.5.8.1

December 18, 2023

Enhancements
  • This version of Frontline Vulnerability Manager introduces various bug fixes and enhancements to improve overall usability and quality.
Fixes
  • PCI Self Service:
    • PCI Compliance report failing with accepted dispute for WAS URL Redirection vulnerability.
    • PCI Compliance report not displaying ad-hoc hostname targets.

August 2023

Version 6.5.6.0

August 30, 2023

New Features
  • This version of Frontline Web Application Scanner introduces several enhancements for the PCI Self Service feature
  • Initial Support for RNA Upgrade Pipeline to Install Ubuntu 20.04
Enhancements
  • PCI Self Service:
    • Scan Groups now support dynamic auto-creation of WAS scans from VM scans that detect webservers
    • Support file attachments for PCI Disputes
    • Support assignment of PCI disputes to selected PCI analyst
    • System generated WAS Audit policy created for PCI Compliance Scans
    • Enforce PCI workflow parameters in scans created for Scan Groups with applied settings
    • New notifications added to ensure assigned PCI analyst is notified whenever a dispute comment is made
    • New PCI Vulnerabilities CSV Export report
    • Generate PCI Compliance Reports sections as reports and ZIP
Fixes
  • PCI Self Service:
    • Disable ability to dispute on scans older than 90 days
    • Revert to original vuln status when disputes sent back to pending
    • Revert status (Pass or Fail) on expired disputes when rescanned
    • Set dispute expiration to end of quarter
    • Prevent PCI Compliance Report for only WAS scans
    • Correctly note WAS webapps not found during scan in section 4c of PCI Compliance Report
    • PCI Compliance Report Scan Summary part 3b needs to show most recent note
  • Scan Groups:
    • New Scan Group button forwards to link with query information on url
    • Sorting by "Next Period Start" does not sort correctly
  • Intermittent failures recrypting scanner credentials
  • Scans attempting to launch on artificial RNAs error out immediately

July 2023

Version 6.5.5.2

July 7, 2023

Enhancements
  • One-Time Scans: Add OTS configuration for IBM i DDM Service Unauthenticated RCE One-Time Scan
Fixes
  • One-Time Scans: Updated verbiage for consistency and grammatical correctness
  • PCI Self-Service: Fix the incorrectly filtered global view of the PCI dispute list
  • Multi-scan reports potentially error from setting value on incorrect field

May 2023

Version 6.5.4.1

May 31, 2023

Fixes
  • PCI Compliance Reports marked incorrectly as "Failing"
Version 6.5.4.0

May 31, 2023

New Features
  • Linux Agent Support
Enhancements
  • PCI Self Service: Update our PCI ASV number and POC in PCI Compliance Report
  • PCI Self Service: Support PCI reporting on undetected hosts
  • Add "status" support for completed Scan Group runs to Scan Group Template controller / page
Fixes
  • Update package dependency versions
  • Fix max CVSS scores displayed in the Vulnerability Dictionary
  • Miscellaneous filters
  • WAS vuln assessment workflow unavailable on accounts with only the Web Application Scanning subscription
  • Console Error when resetting password

April 2023

Version 6.5.2.5

April 7, 2023

Enhancements
  • Internal improvements for tracking metrics and maintaining stability in Frontline.
Version 6.5.2.4

April 3, 2023

Enhancements
  • Internal improvements for tracking metrics and maintaining stability in Frontline.

March 2023

Version 6.5.2.3

March 17, 2023

Enhancements
  • Allow scoping PCI multi-scan reports by specific quarters as windows to query selectable scans.
Fixes
  • Fix asset matching functions in multi-scan reports and provide report option to opt-out.
  • Dates displayed in the interface are not reflecting DST timezone offset.
  • Japanese translated report cover page displays broken HTML.
  • Theme files on report generating task workers aren't always in sync as expected.
  • Business groups incorrectly being associated to AV hosts outside of AV window on insert.
Version 6.5.2.2

March 3, 2023

Enhancements
  • Japanese exception list for translation service.
  • Allow the instant translation service to handle HTML documents.
Fixes
  • Themed reports are not working; consistently falling back to the default theme.
  • Theme data cannot be viewed in the UI.
  • PCI Self Service: All items from WAS scan not showing up in PCI compliance report using multi scan.
  • PCI Self Service: 3B items that are changed are not showing the most recent entry in compliance reports.
  • Multi-process functions from stats generation are exceeding task worker resource capacities.
  • Hide PCI / PT workflows in WAS when no sub.
  • Add 'Max webapp count' field to 'Web Application PCI Compliance Scanning'.
  • Restricted accounts display partial menus when engaged by Global Admin.
  • Partial scan results are no longer displayed when a WAS scan is errored.
  • Console error opening Scanner Profile detail page.
  • WAPT Subscription - icon missing and moved to bottom of list.
  • Incorrect resource ACL inheritance from Business Groups of Scan Source.
  • Scanner-side update to set WAS scan blocks to 'completed' are causing scans to complete without reconciling.
  • VM insert error from saving JSON object with null byte value in it.

February 2023

Version 6.5.2.1

February 22, 2023

New Features
  • This version includes Windows 11 CIS Benchmark checks.
Enhancements
  • Improve scan execution efficiency in SPARKS.
  • Add PCI workflow backend support to WAS.
  • Create dedicated app server type for external users.
  • Add AWS instant translation to translation service.
  • PCI Self Service: Create a CRON to remove old validated disputed_accepted vulns.
  • Create new WAS Tuning Policy for PCI.
  • PCI Disputes should trigger notifications to analysts.
  • Improve logging in the RNA activation controller.
  • Use caching to improve account ownership functions.
  • PCI Self Service: Add ability in PCI tabs to remove a dispute.
  • PCI Self Service: When an official report is created and sent in review, all PCI analysts are notified.
  • PCI Self Service: Add sorting/filtering for 3B notes.
  • Enable Windows 11 CIS reports in Frontline.
  • Create standard PCI WAS scanning policy.
Fixes
  • Performance fixes for stats generation.
  • Fix PCI Tab default sorting.
  • Fix Recurring Reports that run on different days. Only the most recent report appears to be available.
  • Creating multi-scan VM / WAS Compliance Report includes All Active View.
  • Trigger reconciliation of WAS scan where scan is marked completed, but has not reconciled.
  • PCI Self Service: PCI dispute page not displaying UI control for individual line items.
  • PCI Self Service: UI elements to Accept or Reject a PCI Dispute are present for an MSP Global Admin.
  • PCI Self Service: PCI Scans Show Analysis tab when managed workflow is not being used.
  • PCI Self Service: When hostname scanning, the IP Address that the hostname is being resolved to is brought forth when attesting.
  • Fix VM scan results PCI tab to allow re-dispute.
  • Show Customer scope in PCI Attestation.
  • VM scan links have a value appended to them.
  • Spelling error in WAS > PCI tab > Dispute button.

January 2023

Version 6.5.1.9

January 27, 2023

Enhancements
  • Added a new command in RNA utils to grab scan status from RNAs.
Fixes
  • PCI Self Service: Reports - Assets with different IPs and same DNS Name are not being reported.
  • Error generating Language localization Reports with size that exceeds the limit.
  • Creating new Business Groups will not allow assigning Group Members.

December 2022

Version 6.5.1.5

December 22, 2022

Enhancements
  • PCI Self Service: Send notifications on disputed approved/denied.
  • PCI Self Service: Provide a way to override PCI Vulnerability instances.
  • PCI Self Service: Hide PCI related notes from Vuln instance expanded row on Results vulns tab.
  • PCI Self Service: Unhide override pass tools.
  • PCI Self Service: Add filter for 3B/disputes.
  • PCI Self Service: Use Hostname from Scan Template in reports for VM Scans.
Fixes
  • PCI Self Service: If a vulnerability is discovered on both a VM and WAS scan, the PCI Compliance report incorrectly puts the WAS dispute note on the VM vulnerability.

  • PCI Self Service: Dispute Page - Scan Type is blank for VM and WAS vulnerabilities.

  • PCI Self Service: PCI Compliance report formatting issue.

  • PCI Self Service: No report data source displayed for PCI Compliance Reports.

  • PCI Self Service: Hide PCI tab in Container and Agent Scans.

  • PCI Self Service: Additional PCI dispute comments are not showing on Dispute Management Page.

  • PCI Self Service: PCI Dispute Page does not show override value.

  • PCI Self Service: Hide Update PCI Value button unless permission is granted.

  • PCI Self Service: Require 3B Documentation value always set to off when editing vuln dictionary.

  • PCI Self Service: Part 3 Component Compliance summary can fail to list some passing components.

Version 6.5.1.4

December 17, 2022

Enhancements
  • PCI Self Service: Add additional information for WAS in vuln details in the Vulnerability details section of the PCI Compliance Report.
  • PCI Self Service: Add out-of-scope items in the PCI Compliance Report.
  • PCI Self Service: Users should be able to re-dispute a vuln where previous dispute is rejected.
  • PCI Self Service: Provide a way to allow customers to enter Out-of-Scope Components.
  • PCI Self Service: Provide a way to override PCI Vulnerability Instances.
  • PCI Self Service: Make PCI Component editable in vulndictionary.
  • PCI Self Service: PCI Reports available on WAS new scan template.
  • PCI Self Service: Remove attestation for uncertified PCI Compliance Report.
Fixes
  • PCI Self Service: Include the IPs that were added in the additional required pop-up for Part 4A in PCI Compliance Report.

  • PCI Self Service: Error attempting to add a 3B note as a client account admin.

  • PCI Self Service: Error attempting to Dispute a WAS Vuln.

  • Fix Vuln dictionary CVSSv2 and CVSSv3 incorrect info.

  • PCI Self Service: Error attempting to add a comment to a disputed vuln that had a comment deleted.

  • PCI Self Service: Client cannot re-dispute vulns with rejected vuln disputes.

  • PCI Self Service: Filter PCI Compliance report out of Report template list when an Agent or Container scan is selected as the scan source.

  • PCI Self Service: Add additional information requested for section A4 and Part 3B.

  • PCI Self Service: Remove dispute modal display button that reads 'Dispute'.

Version 6.5.1.3

December 14, 2022

Enhancements
  • PCI Self Service: Add option to send to the official certification workflow.
  • PCI Self Service: Removed Unofficial from PCI Reports.
  • PCI Self Service: Add more WAS details in our PCI Compliance Report.
  • PCI Self Service: Add new permission for PCI Analyst.
  • PCI Self Service: Allow users to move a pending Dispute back to Undisputed.
  • PCI Self Service: Support scan name filtering on /disputedvulns endpoint.
  • PCI Self Service: Add controls for analyst override of PCI values.
  • PCI Self Service: Add PCI Required Remediation report to multi-scans.
  • PCI Self Service: Add Attestation date to A4 of the Attestation of Compliance in PCI Compliance Report.
  • PCI Self Service: Update report "Officially certified" toggle to use Modal
Fixes
  • PCI Self Service: Unable to dispute a vulnerability as a client account admin.

  • PCI Self Service: Report erroring on hidden dictionary entries.

  • PCI Self Service: Include Resolved toggle does not display as active or not until page refreshed.

  • PCI Self Service: Electing to dispute multiple VM scan vulnerabilities fails - no vulns displayed as being Disputed.

Version 6.5.1.2

December 10, 2022

Enhancements
  • PCI Self Service: Capture analyst overrides for various PCI items
  • PCI Self Service: Allow MSPs to view Disputed List Page
  • PCI Self Service: Add 3B note status badge in PCI Tab
  • PCI Self Service: Add PCI assessment administration permissions
  • PCI Self Service: Add link to PCI Disputes page
  • PCI Self Service: Show 3B notes on vuln row in Scan Results tabs
Fixes
  • PCI Self Service: Accepted vulns still showing as Failing in PCI Reports
  • PCI Self Service: PCI Compliance reports errors with multiple accounts

June 2022

Version 6.4.4.0

June 11, 2022

New Features
  • Edge Network support increases the scalability and responsiveness of our scanning communication network.
  • Implementation of Business Groups.
  • Reports enhancements with support for scheduled and emailed reports.
  • Added a Global Vulnerability Search for MSP accounts.
Enhancements
  • Business Group Column in active view display (Ticket 18151).
  • Auth Scan Config: Add a "Test Your Config" button (Ticket 20422).
  • Dynamic Labels used as Rules for Business Groups (Ticket 18019).

  • Preserve access to historical scans / reports after Business Group access levels change (Ticket 20046).

  • Report Scheduler (Ticket 17363 and 1456).

  • Vulnerability Age Report (Ticket 17601).

  • Added the ability to save report filters for future use (Ticket 19099 and 1457).

  • Included an Authenticated Creds Test button (Ticket 19473).

  • Enterprise Admin Group able to view other groups dashboard (Ticket 19635).

  • Custom Report Templates - Data Filters (Ticket 20275).

  • Change how we manage IP restrictions for Business Groups (Ticket 22207).

  • Custom email lists for scanning notifications (Ticket 22633).

  • Added the ability to enable recurring reports (Ticket 23319).

  • Made Scan Description variable visible in UI (Ticket 23827).

  • Fulfilled request for NVD Reporting Functionality (Ticket 24517).

  • Choose what reports automatically generate after a scan (Ticket 24885).

  • Sending reports (Ticket 25073).

  • Added Business Group column to Scanners page (Ticket 18553).

  • Added support for a Microsoft patches only report (Ticket 1831).

  • Auth Scan / Credential PDF Detailed Status Report (Ticket 1094).

  • Add support for emailing reports to users (Ticket 1514).

Fixes
  • Fixed subject for some automated emails to match email content (Ticket 25212).

  • Updating Business Group shows IPs as not associated to Scanner Profile (Ticket 24695).

  • Email headers do not match email content (Ticket 25212 and 25289).

  • Graphs & Trending - "Asset Rating Counts" not displayed in DDI Asset Rating colors (Ticket 658).

  • Asset Rating not viewable with NVD/PCI (Ticket 1072).

  • Executive Summary Report does not respect NVD/PCI options (Ticket 1082).

  • Input fields for AV Window Size and SLA Days are active (Ticket 1323).

  • AV Summary incorrectly processes non-default options (Ticket 1369).

  • CIS CSV Export defaulting to PDF format (Ticket 1486).

  • Several filters have multiple entries in the Vuln Dictionary and Vuln Trend filter sets (Ticket 1502).

  • Clicking on 'Vuln Definition' on scan results removes the active context and loads the account page (Ticket 1548).

  • Vulnerabilities have multiple unique instances in agent scans (Ticket 1658).

  • Spelling error in DB/OS Tooltip (Ticket 1725).

  • Unable to delete manually added labels to Assets (or Vulnerabilities) (Ticket 1822).

April 2022

Version 6.4.3.4

April 22, 2022

Fixes
  • Fix incorrect vulnerability count when using asset labels.

March 2022

Version 6.4.3.3

March 2, 2022

Fixes
  • Increase logs disk size to 180Gb.

January 2022

Version 6.4.3.2

January 26, 2022

Enhancements
  • Moved additional logs into Loki logging subsystem for Frontline.Cloud.
Fixes
  • Corrected failure of some cases related to deleted user roles in Managed Account Users CSV Export.
  • Fixed the automatic spin down of Trial accounts on TryFrontline.Cloud shortly after creation.
  • Fixed missing owner field in CSV export of Managed Accounts Security GPAs.
  • Fixed spelling error in "Approved management access request user" filter.
  • Removed Test Credentials button from Credential management pages.
Version 6.4.3.1

January 19, 2022

Fixes
  • Fixed Asset and Scanner Profile IP address "is (or)" and "is not (or)" filtering that did not work properly.
  • Multiple fixes to Frontline TAP threat intelligence feed processing for Threat Rank.
  • Frontline.Cloud infrastructure fixes related to expiring certificates.
Version 6.4.3.0

January 12, 2022

New Features
  • Introduced comprehensive authenticated scan status and credential validity management.

    • See the success or failure of authenticated scans at all levels of scan results and reports.

    • Identify which credentials were used in each scan and if they are valid or not.

  • Added a comprehensive suite of management reports targeted specifically for MSPs.

    • Includes CSV reports, PDF reports and email alerts.

    • Manage customer base and understand usage and trends.

Enhancements
  • Added ability to search for vulnerabilities by authentication method (Bug 25256).

  • Added ability to supply custom trending intervals for reports (Bug 20480).

  • Added delay-time-period before automatically spinning down Trial accounts (Bug 25048).

  • Added support to filter scan results by a list of CVEs (Bug 23333).

  • Changed default RNA Access Request time to be 8 hours.

  • Deprecated Oracle Image Virtual RNA download.

  • Included authenticated scan status within reports (Bug 24978).

  • Introduced Asset Rating Trends Report.

  • Introduced SSL Certificates Report.

  • Introduced report review workflow into Frontline.Cloud (Bug 20672).

  • Introduced scoped credentials for authenticated scanning (Bug 24886).

  • Allow Trial account options to be set during Trial account creation.

  • Removed per-account limits for Virtual RNA appliance tokens.

  • Replaced Digital Defense, Inc with Digital Defense by HelpSystems.

  • Display authentication detect method on-hover for vulnerabilities (Bug 23369).

  • Improved support for NVD / PCI rating schemes within Frontline.Cloud (Bug 23934, 25071)

  • Introduced suite of MSP / Super account management reports (Bug 24793, 20040, 20517)

  • Replaced logo with favicon for themes list.

  • Implemented various infrastructure improvements and security updates.

Fixes
  • Removed rounding for Active Risk Score in some locations within Frontline UI and reports.

  • Fixed the incorrect inclusion of tag with Container scanning license when calculating usage.

  • Fixed Core Impact scan exports that could not be filtered by date range.

  • Corrected the mistake allowing the Credential PGP cipher text.

  • Fixed dysfunctional filtering on Frontline Agent list page.

  • Fixed IP Address filter that did not properly respect quoted search terms (Bug 25297).

  • Fixed slow speed on Manage RNAs list page.

  • Broken links to help pages on new account dashboard are resolved (Bug 24931)

  • Fixed performance for statistics object management.

  • Corrected body text on RNA Access Approved email.

  • Populated data in reports based on container scans.

  • Fixed error in scan insertion when ping-type is not defined (Bug 25011)

  • Fixed report options that are not displayed in the report's options appendix.

  • Updated super account usage metrics in instances of error.

  • Allowed additional groupings for Threat Landscape reports.

  • Corrected inability to upgrade Trial accounts to General accounts (Bug 25253, 25060).

  • Fixed various bugs for reports including grammar, spelling, and style fixes.

  • Fixed Virtual RNAs that could not be downloaded on TryFrontline.Cloud due to trade.gov API changes (Bug 25299).
