Addressing Vulnerability in Clarity PPM when Reported by Security Scanning Tools

book

Article ID: 144491

calendar_today

Updated On:

Products

Clarity PPM On Premise

Issue/Introduction

Addressing security concerns in software like Clarity PPM is a critical part of developing quality software. If your security scanning tool shows security vulnerability exists on Clarity PPM please follow the procedure.

Environment

Release : 15.7

Component : CLARITY PPM SAAS OPERATIONS

Resolution

1) Check the Clarity PPM Knowledge Base for known or named vulnerabilities for something that has already been published to address the vulnerability.
2) Ensure the version of Clarity PPM being scanned is on the latest Release and/or Patch level.
3) Check the CVE number against the Common Vulnerabilities and Exposures online database to ensure that the OS or component of concern has not already been updated by the vendor.
4) Have your internal security team run another security scan again after the steps above are complete.
If concern still exists, a support case should be created.
5) Open a Clarity PPM support case and include your security team's vulnerability scan attached to the case, the CVE ID, a detailed description, Clarity PPM version, and any other details about the vulnerable files on the Clarity system.