cisagov / vulnrichment

A repo to conduct vulnerability enrichment.
Creative Commons Zero v1.0 Universal

Beyondtrust CPE Improvement Suggestions #38

Closed patrickmgarrity closed 1 month ago

patrickmgarrity commented 1 month ago

I noticed BeyondTrust CPEs being expressed differently, both of which I believe could be corrected and improved upon.

The CVEs impacted are:

CVE-2024-4017
CVE-2024-4018

cpe:2.3:a:beyondtrust:u-series_appliance:-:::::::
cpe:2.3:a:beyondtrust:u-series_appliance:3.4-4.0.3:::::::

Both CVEs provide version information and platforms impacted which should be used in creating the CPE....

    "platforms": [ "Windows", "64 bit" ],
    "product": "U-Series Appliance",
    "vendor": "BeyondTrust",
    "versions": [
      {
        "lessThan": "4.0.3",
        "status": "affected",
        "version": "3.4",
        "versionType": "custom"

jwoytek-cisa commented 1 month ago

@patrickmgarrity Thank you for finding this. We have made these consistent and used the correct versioning for both. We do not currently support filling the platform field when we add a CPE that is not in the NVD dictionary or prior data. The updated entries should be making their way out to the repository shortly.
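An added example, not part of the thread and not the project's own tooling: it maps the version range from the `affected` fragment quoted above to a `cpeMatch`-style entry (the key names used by NVD and the CVE Record Format's `cpeApplicability` block), and flags CPE strings whose version component holds a range. The functions `cpe_token`, `cpe_matches` and `check_cpe` are hypothetical names; the normalisation is a simplification and does not handle CPE escaping. Platform fields are left as ANY, in line with the maintainer's reply.

```python
import re

# Constructed input: the "affected" fragment quoted in the issue, closed off so it parses.
AFFECTED = {
    "vendor": "BeyondTrust",
    "product": "U-Series Appliance",
    "platforms": ["Windows", "64 bit"],
    "versions": [{"version": "3.4", "lessThan": "4.0.3",
                  "status": "affected", "versionType": "custom"}],
}

def cpe_token(name):
    """Simplified normalisation (assumption): lowercase, spaces to underscores."""
    token = re.sub(r"\s+", "_", name.strip().lower())
    if not re.fullmatch(r"[a-z0-9._-]+", token):
        raise ValueError(f"needs manual CPE escaping: {name!r}")
    return token

def cpe_matches(affected, part="a"):
    """Map each affected version entry to a cpeMatch-style dict."""
    vendor, product = cpe_token(affected["vendor"]), cpe_token(affected["product"])
    out = []
    for v in affected.get("versions", []):
        if v.get("status") != "affected":
            continue
        ranged = "lessThan" in v or "lessThanOrEqual" in v
        # A range keeps ANY ("*") in the version component; bounds go in separate keys.
        version = "*" if ranged else cpe_token(v["version"])
        match = {"vulnerable": True,
                 "criteria": f"cpe:2.3:{part}:{vendor}:{product}:{version}" + ":*" * 7}
        if ranged:
            if v["version"] not in ("0", "*"):
                match["versionStartIncluding"] = v["version"]
            if "lessThan" in v:
                match["versionEndExcluding"] = v["lessThan"]
            else:
                match["versionEndIncluding"] = v["lessThanOrEqual"]
        out.append(match)
    return out

def check_cpe(cpe):
    """Flag a wrong field count or a range in the version field (ignores escaped colons)."""
    fields = cpe.split(":")
    problems = []
    if len(fields) != 13 or fields[:2] != ["cpe", "2.3"]:
        problems.append("not 13 colon-separated fields starting with cpe:2.3")
    elif re.fullmatch(r"\d[\w.]*-\d[\w.]*", fields[5]):
        problems.append("version component holds a range: " + fields[5])
    return problems
```

In a CPE 2.3 string the version component is a single value, so `3.4-4.0.3` there is read as one literal version name rather than as the range 3.4 up to 4.0.3.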