Discovered applications severity N/A

izhargeuze · November 24, 2022, 9:24am

Hallo community,

im doing some tests with GVM and run current on 21.4.5.
scans are fine but when i look at the results it has discovered vulnerable software. for instance cpe:/a:openbsd:openssh:7.4 and cpe:/a:dell:idrac7:2.60.60.60.

when i check the overview of applications the found applications have a severity of N/A. but when clicking on openssh7.4 it says 7.0 high.

can someone tell me if this is normal for the community version.
and is this something that will be added if you use the enterpise feed ?
and can you add the enterprise feed also to the community version, or only to a GVM appliance ?

thanks in advance,

Izhar

Martin · November 24, 2022, 2:32pm

Hello Izhar, welcome to the Greenbone forum!

I was able to reproduce the problem. It is related to how we convert the official NVD data in-house and affects all feeds currently. I have raised an internal issue to get this fixed, and we’ll get back to you in this topic!

We do not offer the Enterprise Feed for the Community Edition at the moment. The only way to access it is via our Enterprise Appliance or Cloud Services products.

izhargeuze · December 14, 2022, 2:42pm

Hallo Martin,

any news on the fix in the feeds ?

Martin · December 16, 2022, 1:36pm

No news so far, we are still working on it.

izhargeuze · March 6, 2023, 7:20am

Hallo, any progress to report or maybe a workaround for this ?

Martin · March 6, 2023, 3:59pm

There is still no solution available for this problem. As soon as I have any kind of feedback I will relay it in this topic.