CVEScannerV2 icon indicating copy to clipboard operation
CVEScannerV2 copied to clipboard

Published 20 hours ago verified publisher icon scmanjarrez

Cve returned seems wrong for Windows services

Open Anthony-76 opened this issue 7 months ago • 5 comments

Hi,

for Windows services, after nmap scan, CVEs returns are false in somes cases.

For Example :

Nmap scan a Windows server with Ms-SQL.

The version detected by nmap is : 1433/tcp open ms-sql-s Microsoft SQL Server 2014 12.00.4100; SP1

Then cvescannerV2 scan like this:

| cvescannerv2: | product: sql_server | version: 2014 | vupdate: * | cves: 18

So cvescannerv2 analyze the MS-SQL service with version 2014 but it doesn't take the build release. So, the cve returns are often wrong or inexacts?

this issue appears with Windows and rarely with Linux .

Is there a solution to avoid theses falses positives?

Best regards Anthony

Anthony-76 avatar Jul 19 '24 15:07 Anthony-76