OCSInventory-ocsreports icon indicating copy to clipboard operation
OCSInventory-ocsreports copied to clipboard

Published 20 hours ago verified publisher icon OCSInventory-NG

CVE DATA FOUND FOR MORE SOFTWARES BUT NOT DISPLAY ON CVE REPORTING

Open BEAR19931 opened this issue 1 year ago • 2 comments

OS: Ubuntu 22.04.4 LTS OCS Version : 2.12.2 PHP: 8.2 APACHE: 2.4.52

CVE DATA FOUND FOR MORE SOFTWARES BUT NOT DISPLAY ON CVE REPORTING

CVE OCS

I also attach the regex of Adobe

REGEX

Instead for other software it finds and lists the CVEs

Attach example:

CVE FOUND

Thanks

BEAR19931 avatar Jul 15 '24 15:07 BEAR19931

can confirm the issue. CVEs are also found here, but are not displayed in the reporting.

Server Details: PHP-Version : 8.1.2 Webserver : Apache/2.4.52 (Ubuntu) Version OCSReports: 2.12.2

LMS235 avatar Jul 16 '24 06:07 LMS235

Link https://github.com/OCSInventory-NG/OCSInventory-ocsreports/issues/1603

LMS235 avatar Jul 18 '24 09:07 LMS235

Hi @LMS235 @BEAR19931 ,

The log info "CVE data found" means that the API request to CVE Search returned a list of CVEs for this software. From there, OCS will process the data and check if the versions match with the software present on OCS. If a CVE matches, then the log "CVE-[id] has been referenced" will be added and the entry will be added to the database.

I hope my explanation is understandable. :-)

Best regards, Charlene

charleneauger avatar Sep 06 '24 07:09 charleneauger

Hi @charleneauger,

Thanks for the explanation

Bye!

blue-wq avatar Sep 30 '24 10:09 blue-wq