During a customer security review or compliance validation process, customers may report security vulnerabilities (CVEs) detected through third-party vulnerability scanning tools.

The reported findings may raise concerns about whether the Symantec Security Platform (SSP) or Symantec Security Platform Intelligence (SSPI) components are affected or require patching.

SSP 

Follow the steps below to validate and address the reported vulnerabilities:

1. Collect CVE and Scan Details

• Obtain the following information from the customer:

  • CVE IDs detected during the scan.

  • Tool name and version used for vulnerability scanning.

  • Scan report extract showing affected packages and versions.

This information helps correlate the findings with SSP/SSPI package versions.

2. Verify Installed Package Version

• Log in to the SSP/SSPI node using SSH.

• Run the following command to check the installed package version:

   

  dpkg -l | grep '<package-name>'
   
• Compare the reported vulnerable package version with the one installed in SSP/SSPI.

3. Determine Applicability

• If the installed package version is equal to or higher than the fixed version mentioned in the CVE report → Not Applicable.

• If the version is lower, or if the package is not present in the CVE database, proceed to Step 4.

4. Escalate to Broadcom support team for further validation If reported CVE is:

• Fixed,

• False Positive, or

• Requires patch/update in a future release.