Known Issues and Limitations

The following are the known issues and limitations of Vulnerability Integration with Qualys WAS:

  • The Qualys WAS module does not support 'Sensitive Content' and 'Potential' as vulnerability types for non-Qualys detections (for example, Burp, Bugcrowd).
  • The Qualys WAS API returns 0 detections for the 'Information_Gathered' vulnerability type for non-Qualys detections (for example, Burp, Bugcrowd).
  • The ServiceNow Vulnerability Response Integration with Qualys WAS app might have trouble connecting to the Qualys platform if the ServiceNow instance is missing the Key Management Framework plugin on the Quebec version. Make sure your ServiceNow instance has the latest patch installed.
  • If you pull existing detections that are in a Deferred or False Positive state while triaging is enabled, the whole batch of API responses fails to update in the table (sn_vul_app_vulnerable_item), resulting in data loss. This is a known issue in the ServiceNow Vulnerability Response application. Reference ticket: PRB1564344 [support.servicenow.com].
  • By design of the ServiceNow Vulnerability Response application, web application name records in the table (sn_vul_app_scanned_application) are not updated even if the fields (such as application name and URL) are updated from the Qualys UI.
  • When triaging is turned on, the AVIT states do not update correctly based on the triaging state map. This issue is currently under investigation in collaboration with ServiceNow.

Related Topic

Qualys WAS Integrations