I'm doing some tests with GVM and currently run 21.4.5.
Scans are fine, but when I look at the results it has discovered vulnerable software, for instance cpe:/a:openbsd:openssh:7.4 and cpe:/a:dell:idrac7:2.60.60.60.
When I check the overview of applications, the found applications have a severity of N/A, but when clicking on OpenSSH 7.4 it says 7.0 High.
Can someone tell me if this is normal for the community version?
And is this something that will be added if you use the enterprise feed?
And can you add the enterprise feed also to the community version, or only to a GVM appliance?
I was able to reproduce the problem. It is related to how we convert the official NVD data in-house and affects all feeds currently. I have raised an internal issue to get this fixed, and we’ll get back to you in this topic!
We do not offer the Enterprise Feed for the Community Edition at the moment. The only way to access it is via our Enterprise Appliance or Cloud Services products.
As it is IMHO not really clear: is this about the “Applications” tab in the scan result of a “Full and fast” scan?
If yes, then this should be the expected behavior and there is no fix required, because the “Applications” tab is showing only the severity of results matching the current filter.
As an example, this is a screenshot for a system having a single “High” severity:
Changing the filter at the top right from “QoD must be at least 70%” to “QoD must be at least 0%” will then show additional results, e.g. for the mentioned OpenSSH:
AFAICT the “Applications” tab is only showing a severity if the “Results” tab includes at least one result matching the currently used filter for an application having a CPE available.
E.g. as long as the “Results” tab doesn’t show a severity, the “Applications” tab won’t show one either.
If the previously mentioned 21.04.5 version of the software stack is still in use, this could also play a role, as 21.04 has been EOL since January 2023 and received its last update around February 2022.
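To make the filter behaviour described in the reply above concrete, here is a small added model (illustration only, not Greenbone code and not how GSA is actually implemented): an application's severity is the highest severity among the results that carry its CPE and pass the current QoD filter, and it is N/A when no result survives the filter. The result list, the QoD values and the extra CPE-less finding are constructed for the example; only the two CPEs and the 7.0 severity come from the thread.

```python
"""Model of how the "Applications" tab can show N/A while a single result
shows 7.0: the tab only aggregates results that match the active filter.
Added illustration, not Greenbone code. Sample data is constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Result:
    host: str
    cpe: Optional[str]   # None when the check did not report a CPE
    severity: float      # CVSS base score reported for the result
    qod: int             # Quality of Detection in percent


# Applications detected on the host (as listed in the host details).
# CPEs taken from the thread.
INVENTORY: Set[str] = {
    "cpe:/a:openbsd:openssh:7.4",
    "cpe:/a:dell:idrac7:2.60.60.60",
}

# Constructed sample results. The OpenSSH finding gets an assumed QoD of
# 30, i.e. below the default 70% threshold; the iDRAC has no result at all.
SAMPLE_RESULTS: List[Result] = [
    Result("192.0.2.10", "cpe:/a:openbsd:openssh:7.4", 7.0, 30),
    Result("192.0.2.10", None, 5.0, 97),  # finding without a CPE (assumed)
]


def filtered_results(results: List[Result], min_qod: int) -> List[Result]:
    """Apply the 'QoD must be at least N%' part of the result filter."""
    return [r for r in results if r.qod >= min_qod]


def application_severity(results: List[Result], inventory: Set[str],
                         min_qod: int) -> Dict[str, Optional[float]]:
    """Per CPE, the max severity of filtered results with that CPE, or None
    (shown as N/A) if no filtered result refers to the application."""
    visible = filtered_results(results, min_qod)
    table: Dict[str, Optional[float]] = {}
    for cpe in sorted(inventory):
        scores = [r.severity for r in visible if r.cpe == cpe]
        table[cpe] = max(scores) if scores else None
    return table


def format_severity(score: Optional[float]) -> str:
    """Render a score the way the tab would: 'N/A' when nothing matched."""
    return "N/A" if score is None else f"{score:.1f}"


if __name__ == "__main__":
    for min_qod in (70, 0):
        print(f"filter: QoD must be at least {min_qod}%")
        for cpe, score in application_severity(
                SAMPLE_RESULTS, INVENTORY, min_qod).items():
            print(f"  {cpe}: {format_severity(score)}")
```

With the default 70% threshold the OpenSSH entry reads N/A although the individual result page still shows 7.0; dropping the threshold to 0% makes the result match the filter and the application picks up the 7.0. The iDRAC entry stays N/A under both filters because no result refers to its CPE at all.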