cisagov / vulnrichment

A repo to conduct vulnerability enrichment.
Creative Commons Zero v1.0 Universal

CWE - ADP mismatch on CNA provided CWE information #61

Closed patrickmgarrity closed 3 months ago

patrickmgarrity commented 3 months ago

I'm doing some research and noticed these CVEs have conflicting CNA / ADP CWE enrichment. Nothing I see as urgent, but thought you might be interested in knowing so you can continue to refine your processes.

CVE-2024-3367 CVE-2024-21885 CVE-2024-20361 CVE-2024-27310 CVE-2024-27312 CVE-2023-22934 CVE-2023-4234 CVE-2023-5675 CVE-2021-34983

jwoytek-cisa commented 3 months ago

@patrickmgarrity Our analysts have been checking through these and updating as appropriate. Thank you!

todb-cisa commented 3 months ago

In all cases, there should be no daylight between the CNA's CWE determination and the ADP's CWE determination. In many of these, the CWE section of the ADP bucket has already been removed -- we'll work on this process of removing after the vendor updates to ensure things go quicker.
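One way to check for the CNA / ADP CWE conflict discussed in this issue, as an added example that is not part of the thread or the vulnrichment project's own tooling. It assumes CVE JSON 5.x records (`containers.cna`, `containers.adp[]`, `problemTypes[].descriptions[].cweId`); the record IDs and CWE values below are constructed placeholders.

```python
# Constructed CVE JSON 5.x records: placeholder IDs and CWE values, not real data.
def _record(cve_id, cna_cwes, adp_cwes):
    def problem_types(cwes):
        return [{"descriptions": [{"type": "CWE", "cweId": c, "lang": "en"}]} for c in cwes]
    return {
        "cveMetadata": {"cveId": cve_id},
        "containers": {
            "cna": {"problemTypes": problem_types(cna_cwes)},
            "adp": [{"providerMetadata": {"shortName": "CISA-ADP"},
                     "problemTypes": problem_types(adp_cwes)}],
        },
    }

SAMPLE_RECORDS = [
    _record("CVE-0000-0001", ["CWE-79"], ["CWE-79"]),   # CNA and ADP agree
    _record("CVE-0000-0002", ["CWE-79"], ["CWE-20"]),   # CNA and ADP conflict
    _record("CVE-0000-0003", [], ["CWE-787"]),          # ADP fills a gap left by the CNA
]

def cwe_ids(container):
    """Collect the CWE IDs a container asserts, normalised to upper case."""
    ids = set()
    for problem_type in container.get("problemTypes", []):
        for desc in problem_type.get("descriptions", []):
            cwe = desc.get("cweId")
            if cwe:
                ids.add(cwe.strip().upper())
    return ids

def cwe_conflicts(record):
    """Return one entry per ADP container whose CWE set differs from the CNA's."""
    containers = record.get("containers", {})
    cna = cwe_ids(containers.get("cna", {}))
    conflicts = []
    for adp in containers.get("adp", []):
        adp_ids = cwe_ids(adp)
        # Only flag when both sides assert a CWE and the sets differ; an ADP
        # supplying a CWE where the CNA gave none is enrichment, not a mismatch.
        if cna and adp_ids and adp_ids != cna:
            name = adp.get("providerMetadata", {}).get("shortName", "unknown")
            conflicts.append({"adp": name, "cna": sorted(cna), "adp_cwes": sorted(adp_ids)})
    return conflicts

def find_mismatches(records):
    """Map cveId -> conflicts for every record with at least one conflict."""
    found = {r["cveMetadata"]["cveId"]: cwe_conflicts(r) for r in records}
    return {cve_id: c for cve_id, c in found.items() if c}
```
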