CVE DATA FOUND FOR MORE SOFTWARES BUT NOT DISPLAY ON CVE REPORTING

OCSInventory-NG / OCSInventory-ocsreports

Webconsole for OCS Inventory NG

https://www.ocsinventory-ng.org

GNU General Public License v2.0

226 stars 149 forks source link

CVE DATA FOUND FOR MORE SOFTWARES BUT NOT DISPLAY ON CVE REPORTING #1618

Open BEAR19931 opened 1 month ago

BEAR19931 commented 1 month ago

OS: Ubuntu 22.04.4 LTS OCS Version : 2.12.2 PHP: 8.2 APACHE: 2.4.52

CVE DATA FOUND FOR MORE SOFTWARES BUT NOT DISPLAY ON CVE REPORTING

CVE OCS

I also attach the regex of Adobe

REGEX

Instead for other software it finds and lists the CVEs

Attach example:

CVE FOUND

Thanks

LMS235 commented 1 month ago

can confirm the issue. CVEs are also found here, but are not displayed in the reporting.

Server Details: PHP-Version : 8.1.2 Webserver : Apache/2.4.52 (Ubuntu) Version OCSReports: 2.12.2

LMS235 commented 1 month ago

Link https://github.com/OCSInventory-NG/OCSInventory-ocsreports/issues/1603

charleneauger commented 2 days ago

Hi @LMS235 @BEAR19931 ,

The log info "CVE data found" means that the API request to CVE Search returned a list of CVEs for this software. From there, OCS will process the data and check if the versions match with the software present on OCS. If a CVE matches, then the log "CVE-[id] has been referenced" will be added and the entry will be added to the database.

I hope my explanation is understandable. :-)

Best regards, Charlene