Issue for detecting CVE

ha2 · March 5, 2023, 10:54pm

Hi
I was wondering if someone could shed some light on the issue im having, Currently i have version Version 22.4.0

and for some reason its not detecting a CVE which my GLPI has at the moment
i checked in the database of openvas and it shows correctly CVE-2022-35914

i tried scanner though https and http, i also tried scanning just the port which has the container GLPI and does not find nothing, Any ideas what im missing?

Thank you

_OR · March 6, 2023, 8:09am

Hi, the VT in question is only available to customers of the Greenbone Enterprise Feed

bricks · March 6, 2023, 9:17am

Some background, the detection of a CVE doesn’t depend on the CVE listed in the UI. It depends on an available Vulnerability Test (VT) for checking the vulnerability referenced in the CVE data.

cfi · March 6, 2023, 11:08am

To summarize that there is no issue here (info taken from CVE-2022-4877 severity - #2 by cfi):

The SecInfo -> CVEs view is completely unrelated to any vulnerability tests (expect “CVE scans”) and is supplemental data for cross-references and similar (SCAP data).
If a CVE is listed in SecInfo -> CVEs it doesn’t mean that a VT which could be used during scans exists.
The availability of a VT needs to be looked up via SecInfo -> NVTs instead.
A VT for CVE-2022-35914 is available in the Greenbone Enterprise Feed only.

ha2 · March 6, 2023, 6:40pm

Thanks for the reply, so from what i understand, not all CVE is included in the opensource, So in the NVT option of the greenbone interface would be the ones that are included in the opensource?

bricks · March 7, 2023, 7:31am

No not at all!

Again the list of CVEs is just informational data. It has nothing to do with the availability of vulnerability tests. It contains CVE information which aren’t detected by our software for various reasons.

If a vulnerability is detected depends on the availability of a vulnerability test (VT or NVT) which can be found at SecInfo → NVTs in the web UI. If a vulnerability is found by a VT it often contains one or more references to a CVE ID. So the reported vulnerability detected by a VT can be enriched with the available CVE information. It’s similar as like adding a URL link to the CVEs at https://cve.mitre.org/.

The amount of CVE information is the same for the open source Greenbone Community Edition and the commercial Greenbone Enterprise Edition. Both come with exactly the same CVE list. They just differ in the amount of vulnerability tests.