Discovered applications severity N/A

Hello community,

I'm doing some tests with GVM and am currently running 21.4.5.
Scans are fine, but when I look at the results it has discovered vulnerable software, for instance cpe:/a:openbsd:openssh:7.4 and cpe:/a:dell:idrac7:2.60.60.60.

When I check the overview of applications, the found applications have a severity of N/A, but when clicking on openssh7.4 it says 7.0 high.

Can someone tell me if this is normal for the community version?
And is this something that will be added if you use the Enterprise Feed?
And can you add the Enterprise Feed also to the community version, or only to a GVM appliance?

Thanks in advance,

Izhar

Hello Izhar, welcome to the Greenbone forum!

I was able to reproduce the problem. It is related to how we convert the official NVD data in-house and affects all feeds currently. I have raised an internal issue to get this fixed, and we’ll get back to you in this topic!

We do not offer the Enterprise Feed for the Community Edition at the moment. The only way to access it is via our Enterprise Appliance or Cloud Services products.

Hello Martin,

Any news on the fix in the feeds?

No news so far, we are still working on it.

Hello, any progress to report, or maybe a workaround for this?

There is still no solution available for this problem. As soon as I have any kind of feedback I will relay it in this topic.

As it is IMHO not really clear, is this about the “Applications” tab in the scan result of a “full and fast” scan?

If yes, then this should be the expected behavior and there is no fix required, because the “Applications” tab is showing only the severity of results matching the current filter.

As an example, this is a screenshot for a system having a single “High” severity:

Changing the filter at the top right from “QoD must be at least 70%” to “QoD must be at least 0%” will then show additional results, e.g. for the mentioned OpenSSH:

Hi,

Thanks for the info.

I have checked this, but it's not a resolution for me. In my case all the apps are N/A.
Even when changing the QoD from 70 to 0 it stays that way.

What I find strange is that in your 1st screenshot you have 1 app with a score, and after changing the QoD all of them have a score.

I can't understand how you get a score for apps; GVM told me that it's a bug in the feed.

Just in short words / as a summary:

AFAICT the “Applications” tab is only showing a severity if the “Results” tab includes at least one result matching the currently used filter for an application having a CPE available.

E.g. as long as the “Results” tab doesn’t show a severity, the “Applications” tab won’t show one either.

If the previously mentioned 21.04.5 version of the software stack is still in use, this could also play a role, as 21.04 has been EOL since January 2023 and received its last update around February 2022.

@CFI,

Not sure, but I still think my results are not as desired.

I did a scan today of a system with lots of “old applications” and vulnerabilities.

The results are as follows. (Sorry for the combined screenshot, new users can only upload 1 ??)

I can see very clearly that Adobe Flash is there and MS Edge and so on.

The Applications tab now shows only 1 application with a score.

But when I open/click cpe:/a:adobe:flash_player:32.0.0.465

it will show an error.

And when opening CPE: cpe:/a:microsoft:sql_server:2012:sp1

And my expectation is that the score of 8.5 would also be visible in the application overview in the Applications tab.

But maybe I'm wrong; can you or someone from GVM shine a light on this?