Cannot detect vulnerabilities of Elastic Kibana (even though CVEs are present in DTB)

Hi, I’m currently dealing with an issue where the scanner isn’t detecting a vulnerability that we have on Elastic Kibana (since we’re running a lower version). The vulnerabilities in question are CVE-2024-43707, CVE-2024-43708, and CVE-2024-52972. The scanner is set to ALL IANA TCP, Full and Fast.

What’s strange is that when I check the CVE list in the scanner’s settings, these vulnerabilities are listed there.

Does anyone have an idea what could be causing this? Thanks a lot!

From my search it appears that NVTs for these CVEs are only available in the Greenbone Enterprise Feed. Can you confirm that and also provide more information about which Enterprise Product you are using.

2 Likes

Only a few short remarks:

  • If the CVEs in question have been found via the SecInfo/Security Information -> CVEs view within the GUI:
    • This is a common misunderstanding, this view just lists all available/published CVEs (basically a local copy of the NVD database)
    • if a CVE is showing up there it doesn’t mean it is covered via one or more vulnerability tests (VTs)
  • To check if a CVE is covered via a VT within the current used feed (e.g. community or enterprise) one of the following views needs to be used:
    1. SecInfo/Security Information -> NVTs and search for the CVE there
    2. SecInfo/Security Information -> CVEs, then search for the CVE, click on it, open the CVE via the magnifier with the plus in it and scroll down to see if the “NVTs addressing this CVE” section is there and contains a VT
  • Indeed Kibana VTs (created in 2023 and later) are only part of the commercial enterprise feed
2 Likes