Discovered applications severity N/A

Hallo community,

im doing some tests with GVM and run current on 21.4.5.
scans are fine but when i look at the results it has discovered vulnerable software. for instance cpe:/a:openbsd:openssh:7.4 and cpe:/a:dell:idrac7:2.60.60.60.

when i check the overview of applications the found applications have a severity of N/A. but when clicking on openssh7.4 it says 7.0 high.

can someone tell me if this is normal for the community version.
and is this something that will be added if you use the enterpise feed ?
and can you add the enterprise feed also to the community version, or only to a GVM appliance ?

thanks in advance,

Izhar

Hello Izhar, welcome to the Greenbone forum!

I was able to reproduce the problem. It is related to how we convert the official NVD data in-house and affects all feeds currently. I have raised an internal issue to get this fixed, and we’ll get back to you in this topic!

We do not offer the Enterprise Feed for the Community Edition at the moment. The only way to access it is via our Enterprise Appliance or Cloud Services products.

1 Like