Bug ID 549385: REST API: Export Policy does not give an option whether to export Vulnerability Data

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.1.0

Opened: Sep 30, 2015

Severity: 4-Minor

Symptoms

The GUI provides an option whether to export Vulnerability Data for a policy. By default this is false, and it is only shown if the Policy has a Scanner configured. The REST API does not give an option whether to include this or not and ALWAYS includes the scanner data, even if the policy does not have a scanner configured. This puts useless information in the exported XML and makes it different than the XML exported from the GUI.

Impact

Useless information in the exported XML and makes it different that the XML exported from the GUI.

Conditions

REST API is used to export a Security Policy

Workaround

None.

Fix Information

The new option "includeVulnerabilityAssessmentConfigurationAndData" can be set when exporting a Security Policy using REST.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips