Lets say there is a Vulnerability ID 'X', and it is being detected on 'Server1' as per record in CVDETECTED table, next day I patched 'Server1' that vulnerability X clears out (now it no longer shows that Server1 is vulnerable to X as it got fully patched), That record in CVDETECTED table gets cleared. So my doubt is after 1 week or 1 month if I want to report that what Vulnerabilities 'Server1' was vulnerable to? How can I report that? Is there any table where this information gets stored may be for sometime?
I understand that we can see the 'Patch History' table where it shows that all the patches those got successfully installed or failed and on what date. However 'Patch History' table only shows 'Patch', but I am trying to report on 'Vulnerability ID' as that is the most recommenced way to report on. Reporting based on Patches get very messy and complicated as per the information I have learned and experienced from excellent community posts written by @ Paul Hoffmann