Some vulnerabilities are not added to an Assets Vulnerabilities tab

book

Article ID: 157032

calendar_today

Updated On:

Products

Security Information Manager

Issue/Introduction

The SSIM has Assets populated from the Asset Detector with some vulnerabilities listed on them.  Not all vulnerabilities reported by the Point Product are listed on the Vulnerabilities tab of the Asset though.

Cause

Not all items reported from a compliance check are actually vulnerabilities.

Resolution

Symantec CCS VM reports on a number of things depending on how the compliance check is setup.

For more information on the types of items in the results from a check, please read the CCSVM_users_guide.pdf

The Vulnerability Result Codes which are not vulnerabilities, but have been mistaken for actual vulnerabilities are:

  • Vulnerable Version (Result Code VV) - This reports that the version of Software or Application is associated with known vulnerabilities but is not actually reporting the system/device as vulnerable.
  • Potential Vulnerability (Result Code VP) - This just shows the check for a potential vulnerability was positive, but not that an actual vulnerability was found.

Typically items with the Vulnerability Result Code of VE (Vulnerable, Exploited) do populate the Vulnerabilities tab of Assets through the Asset Detector.  However, in some cases, even though these are Vulnerabilities that should be updated to the Asset, the event from CCS VM is missing a CVE and/or BID (BugTraq ID).

To be populated to the Vulnerabilities tab of an Asset, the event must contain a CVE or BID.


Applies To

Symantec Control Compliance Suite Vulnerability Manager (CCS VM)

Symantec Event Collector for CCS VM v4.4