Every day, new vulnerabilities appear in any organization's network, due to flaws in software, faulty application configuration, etc. Detecting, removing and controlling them require a powerful, yet flexible Vulnerability and Compliance Management solution. Our solution enables users to manage this risk effectively, focusing on discovery , then periodic assessment of where those risks lie, and providing up to date information to mitigate those risks. Core to this solution is our ever expanding, comprehensive vulnerability Database, and the periodic delivery of signature updates via the FortiGuard distribution network.
FortiGuard VCM Service packages are purchased on an annual subscription basis. The following features are available:| Feature | FortiAnalyzer/FortiGate VCM Service | FortiScan VCM Service |
|---|---|---|
| Web-based management |  | |
| Executive summary reports | | |
| Network discovery and mapping | | |
| Asset grouping and prioritization | | |
| Up to date service-defined vulnerability sensors and profiles | | |
| Scheduled and on-demand agentless vulnerability scans | | |
| Scheduled and on-demand agent-based vulnerability scans | | |
| Accurate and detailed vulnerability scan reports | | |
| Executive and technical PCI Compliance reports | | |
| Vulnerability trend reports | | |
| Comprehensive up-to-date Vulnerability Database | | |
| CVE compatiblity with search by CVE names | | |
| Scheduled and on-demand agent-based compliance audit scans | | |
| Native XCCDF compliance benchmarks | | |
| Scheduled and on-demand agent-based patch scans | | |
| Baseline templates for system hardening | | |
| Comprehensive up-to-date Remediation Database | | |
| Detailed OVAL Definition Database | | |
| OVAL 5.6 compliant | | |
| Integration with FortiGuard IPS services | | |
Resources
FortiAnalyzer/FortiGate VCM Service
FortiScan VCM Service
VCM Updates
1.247 ( Released: Jan 31, 2012 15:52:20 )
New ( 47 )- AOL.Radio.AOLMediaPlaybackControl.exe.Buffer.Overflow.Vulnerabi
- BMP.File.Invalid.Header.Buffer.Overflow
- Borland.VisiBroker.Osagent.Exe.Code.Execution
- CA.Alert.Notification.Server.Buffer.Overflow
- Cisco.Secure.Desktop.CSDWebInstaller.ActiveX.Control.Access
- Citrix.Provisioning.Services.Streamprocess.Buffer.Overflow
- Corel.WordPerfect.PRS.Buffer.Overflow
- EOL.Obsolete.Operating.System.Fedora.Core.12.Detected
- EOL.Obsolete.Operating.System.Fedora.Core.13.Detected
- EOL.Obsolete.Software.Oracle.Sun.JRE.1.5.Detected
- Firebird.Database.Username.Processing.Buffer.Overflow
- FTP.Client.Format.String
- HP.OpenView.Network.Node.Manager.Remote.Code.Execution.Vuln
- HP.OpenView.Network.Node.Manager.Template.Format.String
- HP.Software.Update.Tool.ActiveX.Control.File.Overwrite
- InduSoft.Web.Studio.Insecure.Operations.Remote.Code.Execution
- IntelliCom.NetBiter.Config.Utility.Hostname.Buffer.Overflow
- IrfranView.BMP.Image.Processing.Buffer.Overflow
- Java.Pack200.Decoding.Inner.Class.Integer.Overflow
- Java.RMI.Server.Insecure.Configuration.Java.Code.Execution
- Maya.Studio.Playlist.Buffer.Overflow
- MS.IE.FirefoxURL.Protocol.Handler.Command.Injection
- MS.Windows.GDI.Remote.Code.Execution.MS09-062
- MS.Windows.Media.Services.Nskey.Dll.ActiveX.Access
- NNTP.Article.name.Field.Processing.Buffer.Overflow
- Novell.GroupWise.SRC.Parameter.Stack.Overflow
- Oracle.Enterprise.Linux.Update.for.CUPS.ELSA-2007-1022
- Oracle.Enterprise.Linux.Update.for.CUPS.ELSA-2007-1023
- Oracle.Enterprise.Linux.Update.for.Firefox.ELSA-2008-1036
- Oracle.Enterprise.Linux.Update.for.imap.ELSA-2009-0275
- Oracle.Enterprise.Linux.Update.for.nfs-utils-lib.ELSA-2007-0951
- Oracle.Enterprise.Linux.Update.for.Poppler.ELSA-2007-1026
- Oracle.Enterprise.Linux.Update.for.Samba.ELSA-2007-1013
- Oracle.Enterprise.Linux.Update.for.SeaMonkey.ELSA-2007-1084
- Oracle.Enterprise.Linux.Update.for.TeTeX.ELSA-2007-1028
- Oracle.Enterprise.Linux.Update.for.Xpdf.ELSA-2007-1030
- Oracle.Java.docBase.Parameter.Overflow
- Oracle.Java.SE.Critical.Patch.Update.June.2011
- Red.Hat.Update.for.krb5.RHSA-2011-1851/1852
- Sun.Java.Runtime.CMM.ReadMabCurveData.Code.Execution
- Sun.Java.Runtime.Environment.Font.Parsing.Command.Execution
- Symantec.Alert.Management.System.Multiple.Overflow
- Symantec.Altiris.ConsoleUtilities.ActiveX.Control.RunCmd.Bu
- Symantec.Altiris.Deployment.Domain.Credential.Disclosure
- Symantec.Veritas.Backup.Exec.RPC.Heap.Buffer.Overflow
- Symantec.Veritas.Enterprise.vxsvc.Buffer.Overflow
- Symantec.Veritas.Storage.Foundation.Scheduler
- Apache.HTTP.Server.APR.AprFnmatch.DoS
- Java.Runtime.Environment.AWT.ImageRep.Heap.Buffer.Overflow.Vuln
- Java.Runtime.Environment.ImagingLib.Buffer.Overflow
- Java.Runtime.Environment.May.Allow.Same.Origin.Policy.Bypassed
- JAVA.Web.Start.Arbitrary.Code.Injection.Vulnerability
- Java.Web.Start.JPEG.Header.Parsing.Integer.Overflow
- Java.Web.Start.Multiple.Security.Vulns
- Java.Web.Start.Security.Vulnerability.Related.to.Incorrect.Use
- Java.Web.Start.Vulnerability.May.Allow.Privilege.Escalation
- JRE.Virtual.Machine.May.Allow.Elevation.of.Privileges
- MS.Office.Publisher.QHDR2.Struct.Code.Execution
- Multiple.Security.Vulnerabilities.in.Java.Runtime.Environment
- Multiple.Security.Vulnerabilities.in.Sun.Java
- Oracle.Java.docBase.Parameter.Buffer.Overflow
- Oracle.Java.FileDialog.Show.Buffer.Overflow
- Oracle.Java.MixerSequence.Array.Index.Remote.Code.Execution
- Oracle.Java.Runtime.Environment.Binary.Floating.Conversion.DoS
- Oracle.Java.SE.Critical.Patch.Update.February.2011
- Sun.Java.JDK.and.JRE.Multiple.Vulnerabilities
- Sun.Java.JDK.JRE.Security.Vulnerability.in.Secure.Static
- Sun.Java.JRE.Privilege.Escalation.246366
- Sun.Java.JRE.Vulnerabilities.Related.to.Processing.of.XML.Data
- Sun.Java.JRE.Web.Start.JNLP.File.Processing.Buffer.Overflow
- Sun.Java.Runtime.AWT.SetBytePixels.Heap.Overflow
- Sun.Java.Runtime.Environment.Font.Processing.Privilege.Vuln
- Sun.Java.Runtime.Environment.Privilege.Escalation.Vuln
- Sun.Java.Runtime.Environment.Remote.DoS.200739
- Sun.Java.Runtime.Environment.Script.Security.Vulns
- Sun.Java.Web.Start.Arbitrary.Command.Execution
- Sun.Java.Web.Start.Sandbox.Security.Bypass
- Sun.Java.Web.Start.XML.Header.Parsing.Stack.Buffer.Overflow
- SUN.JavaWebStart.JNLP.Property.Tags.Unauthorized.Access
- Sun.JRE.ActiveX.Control.Multiple.Remote.Vulnerabilities
- Sun.JRE.GIF.Image.Handling.Heap.Overflow
- Sun.JRE.Multiple.Privilege.Escalation.Vulns
- SUN.JRE.XML.Parsing.Remote.DoS.263489
- Sun.Microsystems.JDK.Image.Parsing.Library.Buffer.Overflow
1.246 ( Released: Jan 24, 2012 15:21:42 )
New ( 55 )- Adobe.PageMaker.Fontname.Buffer.Overflow
- Adobe.RoboHelp.Server.8.Security.Bypass.Vulnerability.APSA09-05
- Apple.QuickTime.IV32.Codec.Parsing.Buffer.Overflow
- Apple.Safari.URL.Protocol.Handler.Command.Injection
- BigAnt.Server.Buffer.Overflow.CVE-2008-1914
- BlackBerry.Application.Web.Loader.Load.ActiveX.Buffer.Overflow
- Borland.StarTeam.Multicast.Service.Parse.Reques.Buffer.Overflow
- CA.BrightStor.ARCserve.Backup.Message.Filedelete.RPC.Access
- ClamAV.libclamav.PE.File.Handling.Integer.Overflow.CVE-2008-031
- ELynx.SwiftView.ActiveX.Control.Access
- HP.Intelligent.Management.Center.tftpserver.WRQ.Code.Execution
- HP.OpenView.Network.Node.Manager.ovspmd.Buffer.Overflow
- IBM.Access.Support.AcpController.dll.ActiveX.Control.Access
- IBM.DB2.JDBC.Applet.Remote.Code.Execution
- IBM.Installation.Manager.iim.URI.Handling.Argument.Injection
- iPIX.Image.Well.ActiveX.Arguments.Handle.Buffer.Overflow
- Ipswitch.Collaboration.Suite.IMail.Code.Execution
- Macrovision.FLEXnet.Connect.InstallShield.Buffer.Overflow
- Macrovision.FlexNet.DownloadManager.Arbitrary.File.Download
- Macrovision.InstallShield.InstallFromTheWeb.ActiveX.Access
- Microgaming.Download.Helper.ActiveX.Control.Code.Execution
- Motorola.Timbuktu.Pro.PlughNTCommand.Buffer.Overflow
- Mozilla.Firefox.Javascript.DefineSetter.Code.Execution
- MS.AntiXSS.Lib.Info.Disclosure
- MS.Client.Server.Runtime.Subsystem.Elevation.Privilege.MS12-003
- MS.Excel.Remote.Code.Execution.Vulnerability.MS07-002
- MS.Kernel.Security.Feature.Bypass.MS12-001
- MS.Media.Remote.Code.Execution.MS12-004
- MS.Object.Packager.Remote.Code.Execution.MS12-002
- MS.OS.Remote.Code.Execution.MS12-005
- MS.SSL.TLS.Info.Disclosure
- MS.Visual.Basic.vb6stkit.dll.Remote.Buffer.Overflow
- MS.VS.VCMUTL.DLL.Unicode.ActiveX.Control.Access.IPS-23922
- MySpace.Uploader.Action.ActiveX.Control.Access
- Novell.EDirectory.SOAP.Accept.Language.Heap.Overflow
- Novell.Netware.XNFS.NLM.Component.Code.Execution
- Office.OCX.ActiveX.Control.OpenWebFile.Arbitrary.File.Execution
- OpenOffice.OLE.DocumentSummary.Heap.Buffer.Overflow
- Oracle.Database.Server.Network.Authentication.Buffer.Overflow
- Oracle.Enterprise.Linux.Update.for.CUPS.ELSA-2007-1020
- Oracle.Enterprise.Linux.Update.for.Firefox.ELSA-2007-0979
- Oracle.Enterprise.Linux.Update.for.Thunderbird.ELSA-2011-1439
- PeaZIP.Archived.FileName.Command.Injection
- Persists.XUpload.ActiveX.Buffer.Overflow
- Rising.Antivirus.Web.Scan.ActiveX.Control.Access
- Roxio.CinePlayer.IASystemInfo.dll.ActiveX.Buffer.Overflow
- SAP.EnjoySAP.ActiveX.Control.Command.Execution
- SAP.GUI.SAPBExCommonResources.ActiveX.Control.Access
- Symantec.Altiris.Deployment.ActiveX.Downloadandinstall.Control
- Symantec.VERITAS.Administrator.Service.Heap.Overflow
- Trend.Micro.Control.Manager.CasLogDirectInsertHandler.CSRF
- Trend.Micro.OfficeScan.Server.cgiRecvFile.Buffer.Overflow
- Trend.Micro.ServerProtect.TMregChange.Stack.Overflow.CVE-2007-4
- VMware.VmCOM.Dll.GuestInfo.Method.ActiveX.Control.Access
- XLAtunes.Album.Parameter.SQL.Injection.CVE-2007-1026
