Viewing Common Vulnerabilities and Exposures information

Edit online

You can view and filter detailed reports on Common Vulnerabilities and Exposures (CVE) on the CVE information pages.

Before you begin

12.2 and later This feature is available in 12.2 and later versions of Guardium®.

Procedure

  1. To view all CVEs fixed in Guardium release 12.0 and later, go to Reports > Guardium Operational Reports > Guardium CVE Information.
    1. To search for CVEs by their CVE Number or Remote Data Source, click the Configure runtime parameters icon Configure runtime parameters.
    2. To download the CVE list, click Export.
  2. To filter CVEs that are relevant to your patch version, import your CVE file from the Nessus or Qualys vulnerability scanner agents to your Guardium system. Use only one of the following methods.
    Tip: The CVE file can be of any format but must include a dedicated column of CVE identifiers to process and filter the CVE list.
    • Import with secure copy (SCP).
      1. Run the following command in the CLI.
        import cvelist scp
      2. Enter the name of the CVE file with the full file path. For example, /home/use/Downloads/cve.csv.
      3. When prompted, enter the hostname, username, and password. Then, wait for the CVE file to complete processing.
    • Import with file server (SYS).
      1. Upload the CVE file to the file server. For more information, see Fileserver.
      2. Run the following command in the CLI.
        import cvelist sys
      3. When prompted, enter the name of the CVE file. For example, cve.csv.

        Then wait for the CVE file to complete processing.

  3. To view the filtered CVE list, go to Reports > Guardium Operational Reports > Filtered CVE Information.
    Important: Create support tickets only for CVEs that are not fixed in other versions.