Not all vulnerabilities are necessarily associated to a CVE-ID (for instance, most of the LANDesk patches aren't going to have one).
If you'd care to highlight a few examples that are relevant to you, it may lead to a more beneficial conversation .
Here is an example - one of many:
Title:MS Security Update August 2017 – Security update for the Windows Search remote code execution vulnerability: August 8, 2017 (4034034)
Link to CVE-ID: https://nvd.nist.gov/vuln/detail/CVE-2017-8620
1 of 1 people found this helpful
I shall poke the content folks & see what's what.
As a general note - if you feel that we're either missing stuff or "doing things wrong" (false positives, etc) that can/is usually handled via support tickets. The Content Team gets notified by support if there's any issues with anything.
I don't mind helping out informally on occasion (such as here) - just letting you know what the process is usually for content issues.
I shall let you know what I hear back.
Note - you may also want to update your content -- the CVE-ID is definitely there. (I've moved the CVE-ID column into the 2nd place so you can see it easier):
Not sure how old your content is (I happened to update mine this morning (Aug 31st 2017) on an unrelated matter.
EDIT: In case it's relevant - this is from a 2016.3 Core
EDIT 2 - nevermind you were talking about the CVSS fields, not CVE-ID. My stupid. Right - correcting my poke to the content folks & going to see what's what .
Thanks for your time phoffmann!
Yes it is the CVSS field that we are looking at here. i just took a look at our Global detected folder and we have a 132 of 674 CVE-ID's which don't currently have a CVSS rating.
Our content is updated daily along with a historical Gather.
I have also modified my Columns as you suggested
I will raise a ticket to cover the 132 (i have exported the data for review into a CSV)
OK - heard back from the content folks.
It looks like the NIST (www-)side of things changed, and thus our harvesting of that data ran into issues. They're going to fix that up and improve processes so that we should be more conciously aware of stuff being changed. (WWW-sites changing stuff on us isn't new - LDDA runs into that a lot with hardware vendor stuff like warranty information).
Should be a relatively simple fix (I'm told) and so you should be able to see the CVSS'es within content soon.
Mystery solved .
Got a poke from the content team - the content updates should be done. 1034 vulnerabilities have been updated ... so not a small amount .