CVE-2018-20033: End of Support for the Secunia Community Site

Summary

This article documents the accessibility of Secunia research through FlexNet Code Insight following the closure of the Secunia Community site in February 2019

Synopsis

The Secunia Community site will become inaccessible at the end of February.

A future release of Code Insight will incorporate the following changes to ensure access to Secunia data:

• Deliver additional Secunia Advisory properties (currently visible on the Secunia Community site) to Code Insight through the Electronic Update service.
• Provide a new Get Vulnerability Details REST API to obtain the additional Secunia Advisory data.
• Develop a new “vulnerability details” interface to display additional Secunia Advisory data.

Meanwhile, if you want to temporarily disable Secunia Advisories from Code Insight, refer to the instructions below for your version of the product.

Code Insight 6.13.0 (or later)

Follow the steps below to disable Secunia Advisories from Code Insight v6 (JIRA: SCA-8639)

1. Update the following properties in /FNCI_ROOT/config/core/core.properties:
   • disable.secunia=true (value is false by default)
   • enable.forceupdate=true (value is false by default)
2. Restart Code Insight
3. Force an electronic update
   • Log in as an Administrator
   • Navigate to Administration >> Updates
   • Manually trigger an Electronic Update

Code Insight 2019 R1 (or later)

Follow the steps below to disable Secunia Advisories from Code Insight v7 (JIRA: SCA-12114)

1. Execute the following database SQL insert statement using a database client of your choice:
   • INSERT INTO PAS_GLOBAL_PROPERTIES (SERVER_ID_, KEY_, VALUE_, ENCRYPTED_) VALUES (0, 'disable.secunia’, 'true’, 0);
2. Restart Code Insight
3. Force an electronic update
   • Log in as an Administrator
   • Navigate to Administration >> Electronic Update
   • Check the Force Full Electronic Update option
   • Click the Schedule Update button