The SSIM has Assets populated from the Asset Detector with some vulnerabilities listed on them. Not all vulnerabilities reported by the Point Product are listed on the Vulnerabilities tab of the Asset though.
Not all items reported from a compliance check are actually vulnerabilities.
Symantec CCS VM reports on a number of things depending on how the compliance check is setup.
For more information on the types of items in the results from a check, please read the CCSVM_users_guide.pdf
The Vulnerability Result Codes which are not vulnerabilities, but have been mistaken for actual vulnerabilities are:
Typically items with the Vulnerability Result Code of VE (Vulnerable, Exploited) do populate the Vulnerabilities tab of Assets through the Asset Detector. However, in some cases, even though these are Vulnerabilities that should be updated to the Asset, the event from CCS VM is missing a CVE and/or BID (BugTraq ID).
To be populated to the Vulnerabilities tab of an Asset, the event must contain a CVE or BID.
Applies To
Symantec Control Compliance Suite Vulnerability Manager (CCS VM)
Symantec Event Collector for CCS VM v4.4