Open m00tt opened 3 years ago
Hi, very strange. I've checked on hears.patrowl.io and the CPE is correctly set:
Do you have any errors in the logs?
I apologize for the delay in replying. No, no errors are shown in logs.
This is my import JSON of CVE-2021-23988
{
  "cve": {
    "data_type": "CVE",
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
      "ID": "CVE-2021-23988",
      "ASSIGNER": "security@mozilla.org"
    },
    "problemtype": {
      "problemtype_data": [
        {
          "description": [
            {
              "lang": "en",
              "value": "CWE-119"
            }
          ]
        }
      ]
    },
    "references": {
      "reference_data": [
        {
          "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1684994%2C1686653",
          "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1684994%2C1686653",
          "refsource": "MISC",
          "tags": [
            "Issue Tracking",
            "Vendor Advisory"
          ]
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-10/",
          "name": "https://www.mozilla.org/security/advisories/mfsa2021-10/",
          "refsource": "MISC",
          "tags": [
            "Vendor Advisory",
            "Vendor Advisory"
          ]
        },
        {
          "url": "https://security.gentoo.org/glsa/202104-10",
          "name": "GLSA-202104-10",
          "refsource": "GENTOO",
          "tags": [
            "Third Party Advisory",
            "Third Party Advisory"
          ]
        }
      ]
    },
    "description": {
      "description_data": [
        {
          "lang": "en",
          "value": "Mozilla developers reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 87."
        }
      ]
    }
  },
  "configurations": {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "children": [],
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe23Uri": "cpe:",
            "versionEndExcluding": "87.0",
            "cpe_name": []
          }
        ]
      }
    ]
  },
  "impact": {
    "baseMetricV3": {
      "cvssV3": {
        "version": "3.1",
        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "attackVector": "NETWORK",
        "attackComplexity": "LOW",
        "privilegesRequired": "NONE",
        "userInteraction": "REQUIRED",
        "scope": "UNCHANGED",
        "confidentialityImpact": "HIGH",
        "integrityImpact": "HIGH",
        "availabilityImpact": "HIGH",
        "baseScore": 8.8,
        "baseSeverity": "HIGH"
      },
      "exploitabilityScore": 2.8,
      "impactScore": 5.9
    },
    "baseMetricV2": {
      "cvssV2": {
        "version": "2.0",
        "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
        "accessVector": "NETWORK",
        "accessComplexity": "MEDIUM",
        "authentication": "NONE",
        "confidentialityImpact": "PARTIAL",
        "integrityImpact": "PARTIAL",
        "availabilityImpact": "PARTIAL",
        "baseScore": 6.8
      },
      "severity": "MEDIUM",
      "exploitabilityScore": 8.6,
      "impactScore": 6.4,
      "acInsufInfo": false,
      "obtainAllPrivilege": false,
      "obtainUserPrivilege": false,
      "obtainOtherPrivilege": false,
      "userInteractionRequired": true
    }
  },
  "publishedDate": "2021-03-31T14:15Z",
  "lastModifiedDate": "2021-06-02T14:48Z"
}
PatrowlHears is used with all default settings. Do you have any idea what the problem might be?
Some CPEs are not visible within the Patrowl dashboard (e.g. CVE-2021-23988).
By checking the import log there are no CPEs, but Patrowl still manages to categorize the CVE through "vendor: technology" (as if it were aware of the CPE).
By searching for the CVE on the NIST website, the information relating to the CPEs is correctly visible.
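A pre-import check for the symptom discussed in this thread, as an added example that is not part of the thread or of PatrowlHears' code: it walks every `cpe_match` entry of a feed item (including nested `children` nodes) and reports any `cpe23Uri` that is not a well-formed CPE 2.3 string, such as the bare `"cpe:"` in the pasted item. It assumes the NVD JSON layout shown above; the function names, the placeholder ID `CVE-0000-0001` and the `examplevendor` CPE are constructed for illustration.

```python
import json
import re

# A CPE 2.3 formatted string is "cpe:2.3:" plus 11 attributes (part, vendor,
# product, version, update, edition, language, sw_edition, target_sw,
# target_hw, other). Split on ":" unless it is escaped as "\:".
_UNESCAPED_COLON = re.compile(r"(?<!\\):")

def parse_cpe23(uri):
    """Return (part, vendor, product), or None if uri is not well formed."""
    fields = _UNESCAPED_COLON.split(uri or "")
    if len(fields) != 13 or fields[:2] != ["cpe", "2.3"]:
        return None
    if fields[2] not in ("a", "o", "h", "*") or not all(fields[3:]):
        return None
    return tuple(fields[2:5])

def walk_matches(nodes):
    """Yield every cpe_match entry, descending into nested children nodes."""
    for node in nodes or []:
        yield from node.get("cpe_match", [])
        yield from walk_matches(node.get("children", []))

def audit_item(item):
    """Return (cve_id, parsed_cpes, rejected_uris) for one feed item."""
    cve_id = item["cve"]["CVE_data_meta"]["ID"]
    good, bad = [], []
    for match in walk_matches(item.get("configurations", {}).get("nodes")):
        uri = match.get("cpe23Uri")
        parsed = parse_cpe23(uri)
        if parsed:
            good.append(parsed)
        else:
            bad.append(uri)
    return cve_id, good, bad

# Constructed sample: first item trimmed from the JSON in this thread, second
# item uses a placeholder ID and a made-up vendor/product.
SAMPLE = json.loads(r"""[
 {"cve": {"CVE_data_meta": {"ID": "CVE-2021-23988"}},
  "configurations": {"nodes": [{"operator": "OR", "children": [], "cpe_match": [
    {"vulnerable": true, "cpe23Uri": "cpe:", "versionEndExcluding": "87.0"}]}]}},
 {"cve": {"CVE_data_meta": {"ID": "CVE-0000-0001"}},
  "configurations": {"nodes": [{"operator": "AND", "children": [
    {"operator": "OR", "cpe_match": [{"vulnerable": true,
      "cpe23Uri": "cpe:2.3:a:examplevendor:exampleproduct:*:*:*:*:*:*:*:*"}]}]}]}}
]""")

if __name__ == "__main__":
    for item in SAMPLE:
        cve_id, good, bad = audit_item(item)
        print(cve_id, "ok" if good and not bad else "CHECK", good, bad)
```

An item that comes back with an empty parsed list and a non-empty rejected list has lost its CPE data before the import step, which narrows the problem to the feed or export rather than the dashboard.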