Low QoD value showing High threat vulnerabilities: do I really need to worry?

When QoD=70, I get only 1 Medium, 1 Low vulnerability in the report.

When I set QoD=30, I get 5 High, 7 Medium and 3 Low vulnerabilities in the report.

My question is: do I really need to worry about those High vulnerabilities when QoD=30, or can I just ignore them?

I mean, is QoD=30 or < 70 really significant, and should we worry?


Also, my second question is: if QoD=30, I got a few High vulnerabilities. It has a low QoD because no exploit is available to exploit the vulnerability and the result is just based on version detection and then the vulnerabilities found within the product for the given version found in the NVD database.

Hi,

See 7 Reports and Vulnerability Management - Greenbone Cloud Service about the Quality of Detection (QoD) assigned to VTs.

In short, VTs with lower QoD have a higher chance of false positives (e.g. because of backports from Linux distros or other means). So there is no indication at all to just ignore it, but you can be quite sure that reports with higher QoD values are most likely not false positives.

My advice is to manually check those reports with lower QoD and verify if the installed/running software is patched.

Best
Chris

3 Likes
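The triage advised in the answer above, as an added example that is not part of the original thread: results at or above the QoD filter are kept as reliable, and lower-QoD results are queued per host, worst CVSS first, for a manual patch-level check. The column names (`IP`, `CVSS`, `QoD`, `NVT Name`, `CVEs`) are assumed to match a CSV report export, and the rows, hosts and CVE placeholders are constructed.

```python
import csv
import io
from collections import defaultdict

QOD_THRESHOLD = 70  # the higher filter value from the question

# Constructed sample rows; column names are an assumption about the CSV export.
SAMPLE_REPORT = """IP,CVSS,QoD,NVT Name,CVEs
192.0.2.10,9.8,30,Example HTTP server version check (constructed),"CVE-XXXX-0001,CVE-XXXX-0002"
192.0.2.10,5.3,80,Example TLS configuration check (constructed),
192.0.2.11,7.5,30,Example SSH server version check (constructed),CVE-XXXX-0003
192.0.2.11,2.6,70,Example TCP timestamps check (constructed),
192.0.2.11,4.3,30,Example mail server version check (constructed),CVE-XXXX-0004
"""


def triage(report_csv, threshold=QOD_THRESHOLD):
    """Split results into reliable findings and a per-host manual-check queue."""
    reliable = []
    to_verify = defaultdict(list)
    for row in csv.DictReader(io.StringIO(report_csv)):
        finding = {
            "host": row["IP"],
            "cvss": float(row["CVSS"]),
            "qod": int(row["QoD"]),
            "name": row["NVT Name"],
            "cves": [c for c in row["CVEs"].split(",") if c],
        }
        if finding["qod"] >= threshold:
            reliable.append(finding)
        else:
            # Low QoD is not a reason to drop the result: queue it so someone
            # checks whether the installed package already carries a backported fix.
            to_verify[finding["host"]].append(finding)
    for queue in to_verify.values():
        queue.sort(key=lambda f: f["cvss"], reverse=True)  # worst first
    return reliable, dict(to_verify)


if __name__ == "__main__":
    reliable, to_verify = triage(SAMPLE_REPORT)
    print(f"{len(reliable)} results at QoD >= {QOD_THRESHOLD}")
    for host, queue in sorted(to_verify.items()):
        print(f"{host}: verify patch level manually")
        for f in queue:
            cves = ", ".join(f["cves"]) or "-"
            print(f"  CVSS {f['cvss']:.1f}  QoD {f['qod']}  {f['name']}  {cves}")
```

The CVE list in each queued finding is what to look up in the distribution's package changelog or security tracker when confirming a backport.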