Addressing Vulnerability in Clarity PPM when Reported by Security Scanning Tools

Article ID: 144491

Products

Clarity PPM On Premise

Issue/Introduction

Addressing security concerns in software such as Clarity PPM is a critical part of delivering quality software. If your security scanning tool reports a vulnerability in Clarity PPM, or in Jaspersoft as deployed with Clarity, follow the procedure below.

Environment

Release: Any Supported Release

Resolution

  1. Check the Clarity PPM Knowledge Base for the named vulnerability or CVE; a KB article may already have been published that addresses it. You can use Google or follow the KB article Clarity Self Service KB Search Tips.
  2. Ensure the Clarity PPM instance being scanned is on the latest release and/or patch level; findings reported against older releases may already be fixed.
  3. Check the CVE ID against the Common Vulnerabilities and Exposures online database and confirm which component the finding actually concerns. If it is the operating system or a third-party component, check whether that vendor has already released the fix.
  4. Check the priority (severity) the scanner assigns to the vulnerability; see the Best Practices below for which levels need a case.
  5. If the concern still exists, open a Clarity PPM support case. Attach your security team's vulnerability scan and include the CVE ID, a detailed description, the Clarity PPM version, the affected files on the Clarity system, and an explanation of why this is an issue for your deployment.

Best Practices:

  • We recommend always being on the very latest release to ensure all known vulnerabilities are addressed.
  • If you are on an old release, it is expected that some vulnerabilities will be found there; upgrading to the latest version minimizes them.
  • We already run security scanning tools and address the vulnerabilities found in Clarity. If a KB article exists and the issue is resolved in a current version, we recommend upgrading to that version.
  • Low priority vulnerabilities (Medium-Low and Low) do not need to be reported to Support via a case; those are already found in the scans we run internally and addressed accordingly.
  • Raise a separate case for each vulnerability, unless you have more than three concerns at once; in that case you may raise them in a single case and let the Support engineer decide how to manage it.
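As an added worked example (not Broadcom code and not part of this article), the following Python script applies Resolution steps 1 to 5 and the Best Practices case rules (severity threshold, one case per vulnerability unless more than three) to a set of constructed scanner findings. The CVE IDs, version numbers, the "latest patch level", the file paths and the KB lookup table are all fabricated placeholders; in practice the real values come from your scan export, the CVE database and the Clarity PPM Knowledge Base.

```python
"""Triage scanner findings against the Clarity PPM procedure above.

Added example, not Broadcom code. Every CVE ID, version number, file path and
KB entry here is a constructed placeholder; real values come from your scan
export, the CVE database and the Clarity PPM Knowledge Base.
"""
from dataclasses import dataclass

# Best Practices: these severities are not reported via a case.
NO_CASE_SEVERITIES = {"low", "medium-low"}
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "medium-low": 1, "low": 0}

# Step 2 baseline. ASSUMPTION: placeholder "latest release/patch level".
ASSUMED_LATEST_VERSION = (16, 1, 3)

# Step 1 stand-in for a KB search: fabricated CVE -> release that fixed it.
ASSUMED_KB_RESOLVED = {"CVE-2099-0001": (16, 1, 2)}


@dataclass
class Finding:
    cve: str
    severity: str
    component: str                      # "clarity", or the OS / third-party component name
    affected_file: str
    description: str
    clarity_version: str
    vendor_fix_available: bool = False  # outcome of the step-3 CVE database lookup


@dataclass
class TriageResult:
    finding: Finding
    action: str                         # skip-low | upgrade | vendor-fix | open-case
    reason: str


def parse_version(text: str) -> tuple:
    """'16.1.1' -> (16, 1, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def triage(f: Finding) -> TriageResult:
    """Apply Resolution steps 1-4 to a single finding."""
    # Step 4 first: Low / Medium-Low never become a case, so stop early.
    if f.severity.lower() in NO_CASE_SEVERITIES:
        return TriageResult(f, "skip-low", "severity below the case-reporting threshold")
    current = parse_version(f.clarity_version)
    # Step 1: the KB already names a release that fixes this CVE.
    fixed_in = ASSUMED_KB_RESOLVED.get(f.cve)
    if fixed_in is not None and current < fixed_in:
        return TriageResult(f, "upgrade", "fixed in %s per KB" % ".".join(map(str, fixed_in)))
    # Step 2: not on the latest release/patch level -> upgrade and rescan first.
    if current < ASSUMED_LATEST_VERSION:
        return TriageResult(f, "upgrade", "not on latest release/patch level; rescan after upgrade")
    # Step 3: OS or third-party component already patched by its vendor -> apply that fix.
    if f.component.lower() != "clarity" and f.vendor_fix_available:
        return TriageResult(f, "vendor-fix", "%s already patched by its vendor" % f.component)
    return TriageResult(f, "open-case", "unresolved after steps 1-4")


def build_cases(results: list) -> list:
    """Step 5 plus the grouping rule: one case per vulnerability, unless more
    than three remain, in which case they all go into a single case."""
    to_report = [r.finding for r in results if r.action == "open-case"]
    if not to_report:
        return []
    groups = [to_report] if len(to_report) > 3 else [[f] for f in to_report]
    cases = []
    for group in groups:
        worst = max(group, key=lambda f: SEVERITY_RANK[f.severity.lower()])
        cases.append({
            "clarity_version": group[0].clarity_version,
            "cve_ids": [f.cve for f in group],
            "max_severity": worst.severity,
            "affected_files": sorted({f.affected_file for f in group}),
            "description": "; ".join(f.description for f in group),
            "attachments": ["security-team-scan-export"],  # step 5: attach the scan itself
        })
    return cases


# Constructed sample scan export. Paths under /opt/clarity are hypothetical.
SAMPLE_FINDINGS = [
    Finding("CVE-2099-0001", "High", "clarity", "/opt/clarity/lib/a.jar", "constructed finding A", "16.1.1"),
    Finding("CVE-2099-0002", "Low", "clarity", "/opt/clarity/lib/b.jar", "constructed finding B", "16.1.3"),
    Finding("CVE-2099-0003", "High", "OpenSSL", "/usr/lib/libssl.so", "constructed OS finding", "16.1.3",
            vendor_fix_available=True),
    Finding("CVE-2099-0004", "Critical", "clarity", "/opt/clarity/lib/d.jar", "constructed finding D", "16.1.3"),
]


def run_sample():
    """Triage the constructed export; returns (per-finding actions, case payloads)."""
    results = [triage(f) for f in SAMPLE_FINDINGS]
    return [r.action for r in results], build_cases(results)


if __name__ == "__main__":
    actions, cases = run_sample()
    for f, action in zip(SAMPLE_FINDINGS, actions):
        print(f.cve, f.severity, "->", action)
    print(cases)
```

Only the fourth constructed finding survives triage and becomes a case payload carrying the fields step 5 asks for; the first is routed to an upgrade because the placeholder KB entry names a fixing release, the second is dropped as Low, and the third is sent to the OS vendor's fix. Version strings are compared as integer tuples so that, for example, 16.1.10 sorts after 16.1.9.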