You can view the listing of common vulnerabilities and exposures (CVEs) affecting your
inventory from the CVEs page in the WebSphere Automation UI. The CVEs are ranked by risk level and a list of
affected servers for each CVE is provided.
Before you begin
You must have a user profile with the View security data permission or the Manage security data
permission. For more information, see Configuring roles and permissions.
If you do not see a listing of CVEs, either no servers are in the inventory, or you have
insufficient permissions. For instructions on registering servers, see Registering a server.
For more information about permissions, see Roles and permissions.
Use the data to assess your exposures and plan your mitigation.
Note the following controls:
Filtering options:
CVE
To show only the servers affected by a CVE, check the box for that cell in the list. You can
select more than one CVE.
Sorting options (column headings):
Risk level
The severity of the security exposure with the greatest risk for each server, based on the CVSS
values of the affecting CVEs. The scale is from 0 (no risk) to 10 (extreme risk). By default, the
list of servers is sorted from greatest risk level to lowest.
Servers fixed
The number of registered servers that are fixed for this CVE. Click this heading to sort the
rows in increasing or decreasing order. For numbers that are identical, the rows are sorted by risk
level.
Servers vulnerable
The number of registered servers that are vulnerable to this CVE. In other words, the number of
servers to which the appropriate fix is not applied. Click this heading to sort the rows in
increasing or decreasing order. For numbers that are identical, the rows are sorted by risk
level.
Note the column headings:
Risk Level
The severity of the security exposures for this CVE, on a scale from 0 (no risk) to 10 (extreme
risk).
CVE
The CVE ID for the common vulnerability and exposure, as listed in the associated published
security bulletin. You can click this link to open the details page for this CVE, including a list
of registered servers that are affected by the CVE.
Days exposed
The highest number of days that any one registered server has been exposed to this CVE. For
example, if one server has been exposed to a CVE for 2 days, and another has been exposed for 4
days, then the number 4 is shown for the CVE.
Initial detection time
The date that WebSphere Automation first detected the vulnerability on a server.
Note the following additional controls:
Download audit report
Opens a dialog to open or save an audit report with current common vulnerabilities and exposures
(CVEs) in comma-separated text format. For more information, see Generating an audit report with CVEs for all servers.