What is the difference between CVE and Closed CVE in an report?

Hi there,

I’ve added my plugins and OpenVAS ran them appropriately. So, in report page I’ve seen some of my plugins are shown in CVE tab and most of them are shown in CVE Closed tab. I want to know what the difference is between both of them and why is that happened ?

Thanks in advance.

Hi,

The ‘Closed CVEs’-report will produce a list of hosts and CVEs for which the respective test returned a ‘not vulnerable’ exit code, i.e. vulnerabilities/exposures that are fixed and don’t pose a threat on the reported hosts.

The ‘CVEs’-report on the other hand lists the detected CVEs and hosts that are actually vulnerable/exposed.

3 Likes

Thanks for your informative response. Where Could I find these status code and their meaning so that write my plugins based on them ?

I’ve found them.

https://github.com/greenbone/openvas-scanner/blob/master/nasl/nasl_misc_funcs.c#L53-L54

2 Likes