Closed patrickmgarrity closed 1 month ago
@patrickmgarrity Thank you for finding this. We have made these consistent and used the correct versioning for both. We do not currently support filling the platform field when we add a CPE that is not in the NVD dictionary or prior data. The updated entries should be making their way out to the repository shortly.
I noticed BeyondTrust CPE being expressed differently. Both of which I believe could be corrected and improved upon.
The CVE's impacted are: CVE-2024-4017 CVE-2024-4018 cpe:2.3:a:beyondtrust:u-series_appliance:-::::::: cpe:2.3:a:beyondtrust:u-series_appliance:3.4-4.0.3:::::::
Both CVEs provide version information and platforms impacted which should be used in creating the CPE.... "platforms": [ "Windows", "64 bit" ], "product": "U-Series Appliance", "vendor": "BeyondTrust", "versions": [ { "lessThan": "4.0.3", "status": "affected", "version": "3.4", "versionType": "custom"