Request an exception for an application vulnerable item

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minute read
  • Request an exception for an application vulnerable item that cannot be remediated immediately. For example, as a developer, you can request an exception if a patch is not available for a machine.

    Important:
    You can request exceptions for an application vulnerable item and a remediation task from the Vulnerability Manager Workspace and IT Remediation Workspace. For more information, see Request exceptions for remediation tasks and records in the Vulnerability Manager Workspace and Request an exception in the IT Remediation Workspace.

    Before you begin

    Role required: Developer Group

    Procedure

    1. Navigate to Application Vulnerability Response > Application Vulnerable Items > All and select the item that you want to request an exception for.
      The selected item must be in Open or Under Investigation state.
      Note:

      Starting from v21.0 of Application Vulnerability Response, the previous state of an application vulnerable item is stored in the backup_state field.

    2. On the Application Vulnerable Item form, click Request Exception.
      Note:
      The Request Exception form changes depending on whether Vulnerability Response or GRC: Policy and Compliance Management is selected in the Application Vulnerability Response > Exception Management screen. If GRC: Policy and Compliance Management is selected, see Request an exception for application vulnerabilities using GRC: Policy and Compliance Management.
    3. If Vulnerability Response is selected in the Exception Management screen, fill in the fields in the Request Exception form.
      Table 1. Request Exception form
      Field Description
      Until Date on which the exception request expires. This date must be within the duration selected in the All > Application Vulnerability Response > Administration > Exception Management screen.
      When the exception request expires, the group reverts to its Open state.
      Note:
      Starting with version 18.0 of Application Vulnerability Response (AVR), a deferred application vulnerable item (AVIT) can be closed and reopened by a scanner. If the item reopens before the exception window expires, the state of the AVIT reverts to the deferred state, honouring the active exception window. To enable this functionality, set the value of the system property sn_vul.auto_defer_avit_in_active_exception_window to true. Also, the deferred Until date persists even after the AVIT gets closed or the exception expires. The role required is sn_vul.app_manage_exception_configuration for both read and write.
      Reason Select the Reason. Choices are:
      • Risk Accepted
      • Awaiting Maintenance Window
      • Fix Unavailable
      • Mitigating Control in Place
      • Other
      To see how to add new reason choices, refer to Define policy reason mapping.
      Additional information Details that are related to the reason why this request is being made. This required field is to be updated by the remediation owner.
    4. Click Request Approval to submit the exception request.
      The state of the application vulnerable item changes to In Review. Use the State Change Approval tab to track the status of the exception request.