Generating an audit report with CVEs for all servers

You can generate an audit report that shows a list of all common vulnerabilities and exposures (CVEs) in each runtime in your inventory in comma-separated value (CSV) format.

Before you begin

You must have a user profile with the View security data permission or the Manage security data permission. For more information, see Configuring roles and permissions.

Procedure

  1. Log in to WebSphere Automation.
    For more information, see Accessing the WebSphere Automation UI.
  2. If necessary, open the Security page, then click the CVEs tab, as shown in the following image.
    Figure 1. Example CVEs tab showing the vulnerability status of registered servers
    Example CVEs page showing vulnerabilities for all registered servers. Column headings include Risk level, CVE, Days Exposed, Fixed servers, Vulnerable servers, and Detection date.
    If you do not see a listing of CVEs, either no servers are registered, or you have insufficient permissions. For instructions on registering servers, see Registering a server. For more information about permissions, see Roles and permissions.
  3. Click Download audit report.
    In the system dialog that opens, you can open or save the audit report to your local computer.
  4. Open the audit report by using a program capable of viewing CSV files, such as a spreadsheet editor.
    The data looks similar to the following image:
    Figure 2. Viewing example audit report of CVEs for all registered servers in CSV format
    Example CSV file showing vulnerability status of servers. Column headings include Risk Level, CVSS, CVE, Bulletin, Bulletin URL, Days Exposed, Servers fixed, Servers vulnerable, and Initial detection time.
    Note the column headings:
    Risk Level
    The risk label that the CVSS score of the vulnerability maps to.
    CVSS
    The numerical severity rating of the vulnerability on a scale of 0 to 10, according to the Common Vulnerability Scoring System (CVSS).
    CVE
    The CVE ID of the vulnerability.
    Bulletin
    The ID of the IBM security bulletin that covers the vulnerability.
    Bulletin URL
    The URL of that security bulletin on the IBM Support website.
    Days Exposed
    The number of days that your inventory has been exposed to the vulnerability, counted from the oldest detection date among the registered servers.
    Servers fixed
    The number of registered servers on which the vulnerability is fixed.
    Servers vulnerable
    The number of registered servers that are currently vulnerable to this CVE.
    Initial detection time
    The date on which the vulnerability was first detected on a registered server, in ISO yyyy-MM-dd format (UTC). A spreadsheet editor that you import the data into might display or re-save the date in a different format.
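
Once the CSV is on your workstation, the columns above are enough to drive triage without reopening the UI. The following Python script is an added example, not code from WebSphere Automation or from this documentation. It parses a report with the headings shown in Figure 2 (rejecting a file whose header row differs), lists the CVEs that still affect at least one server with the highest CVSS first, recomputes the exposure age from Initial detection time so the check stays correct after a saved report goes stale, and flags CVEs that have been open longer than a remediation deadline. The sample CSV rows, the CVE and bulletin numbers, the example.invalid URLs, the alternate date formats tried after the ISO form, and the SLA_DAYS thresholds are all constructed assumptions for illustration and are not product data or product defaults.

```python
import csv
import io
from datetime import datetime

# Column headings exactly as they appear in the downloaded audit report (Figure 2).
COLUMNS = ["Risk Level", "CVSS", "CVE", "Bulletin", "Bulletin URL",
           "Days Exposed", "Servers fixed", "Servers vulnerable",
           "Initial detection time"]

# Constructed sample report. CVE numbers, bulletin numbers, URLs, dates and
# counts are placeholders for illustration, not real WebSphere Automation output.
# The last row uses a US-style date, as a spreadsheet editor might re-save it.
SAMPLE_CSV = """\
Risk Level,CVSS,CVE,Bulletin,Bulletin URL,Days Exposed,Servers fixed,Servers vulnerable,Initial detection time
Critical,9.8,CVE-0000-0001,1000001,https://example.invalid/bulletin/1000001,45,2,3,2023-01-10
High,7.5,CVE-0000-0002,1000002,https://example.invalid/bulletin/1000002,12,5,1,2023-02-12
Medium,5.3,CVE-0000-0003,1000003,https://example.invalid/bulletin/1000003,91,4,0,2022-11-25
High,8.1,CVE-0000-0004,1000004,https://example.invalid/bulletin/1000004,3,0,6,2/21/2023
"""

# The report writes yyyy-MM-dd (UTC). The additional formats are an assumption
# about common spreadsheet locale defaults and are tried only after ISO fails.
DATE_FORMATS = ("%Y-%m-%d", "%m/%d/%Y", "%d.%m.%Y")


def parse_detection_date(text):
    """Return a date for the Initial detection time cell, ISO form preferred."""
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(text.strip(), fmt).date()
        except ValueError:
            continue
    raise ValueError(f"unrecognised Initial detection time: {text!r}")


def parse_report(csv_text):
    """Parse the audit report CSV into typed rows; fail loudly on a wrong header."""
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    if reader.fieldnames != COLUMNS:
        raise ValueError(f"unexpected columns: {reader.fieldnames}")
    rows = []
    for raw in reader:
        rows.append({
            "risk_level": raw["Risk Level"],
            "cvss": float(raw["CVSS"]),
            "cve": raw["CVE"],
            "bulletin": raw["Bulletin"],
            "bulletin_url": raw["Bulletin URL"],
            "days_exposed": int(raw["Days Exposed"]),
            "servers_fixed": int(raw["Servers fixed"]),
            "servers_vulnerable": int(raw["Servers vulnerable"]),
            "detected": parse_detection_date(raw["Initial detection time"]),
        })
    return rows


def open_findings(rows, min_cvss=7.0):
    """CVEs still present on at least one server, highest CVSS first."""
    hits = [r for r in rows if r["servers_vulnerable"] > 0 and r["cvss"] >= min_cvss]
    return sorted(hits, key=lambda r: (-r["cvss"], -r["days_exposed"]))


# Remediation deadlines per risk label, in days. An assumed local policy,
# not values that WebSphere Automation defines.
SLA_DAYS = {"Critical": 15, "High": 30, "Medium": 90, "Low": 180}


def sla_breaches(rows, today):
    """Recompute exposure from the detection date (Days Exposed is frozen at
    download time) and return still-vulnerable CVEs past their deadline."""
    breaches = []
    for r in rows:
        if r["servers_vulnerable"] == 0:
            continue
        age = (today - r["detected"]).days
        limit = SLA_DAYS.get(r["risk_level"])
        if limit is not None and age > limit:
            breaches.append((r["cve"], r["risk_level"], age))
    return breaches


def fleet_summary(rows):
    """Totals that usually go into a remediation ticket."""
    open_rows = [r for r in rows if r["servers_vulnerable"] > 0]
    return {
        "cves": len(rows),
        "cves_open": len(open_rows),
        "server_exposures": sum(r["servers_vulnerable"] for r in open_rows),
        "oldest_open_days": max((r["days_exposed"] for r in open_rows), default=0),
    }


if __name__ == "__main__":
    report = parse_report(SAMPLE_CSV)
    for r in open_findings(report):
        print(f'{r["cve"]:14} CVSS {r["cvss"]:<4} {r["servers_vulnerable"]} vulnerable  {r["bulletin_url"]}')
    print(sla_breaches(report, parse_detection_date("2023-03-01")))
    print(fleet_summary(report))
```

To use it on a real download, replace SAMPLE_CSV with the file contents; the strict header comparison is deliberate, because a report that has passed through a spreadsheet editor may come back with renamed columns or reformatted dates, and silently mis-parsing it is worse than stopping.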