Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

Why VIT gets created with CVE id's instead of Third party id's?

Go to solution
Venkatesh4
Tera Expert

‎10-05-2023 01:54 PM

Hi All,

 

I have installed Qualys scanner for our VR implementation.

 

When a Vulnerable item is generated, some of the VITs have the vulnerability marked with a CVE id (Referring to NVD Record) rather than a QID, while others are tagged with a QID (Third Party Id).

 

is that expected?

0 Helpfuls
  • 952 Views
1 ACCEPTED SOLUTION

Go to solution
Simon Hendery
Tera Patron
Tera Patron

‎10-05-2023 03:17 PM

Qualys imports items into the the Third-Party Vulnerability Entry table (sn_vuln_third_party_entry), where they all have a QID number assigned.

 

The Third-Party Vulnerability Entry table extends the Vulnerability Entry table (sn_vul_entry). If you look at a record in the TPVE table, you should find it has a 'QID' ID plus a CVE ID under 'Related Links':

 

SimonHendery_0-1696543848804.png

 

SimonHendery_1-1696543902641.png

 

I hope that helps 🙂

View solution in original post

0 Helpfuls
1 REPLY 1

Go to solution
Simon Hendery
Tera Patron
Tera Patron

‎10-05-2023 03:17 PM

Qualys imports items into the the Third-Party Vulnerability Entry table (sn_vuln_third_party_entry), where they all have a QID number assigned.

 

The Third-Party Vulnerability Entry table extends the Vulnerability Entry table (sn_vul_entry). If you look at a record in the TPVE table, you should find it has a 'QID' ID plus a CVE ID under 'Related Links':

 

SimonHendery_0-1696543848804.png

 

SimonHendery_1-1696543902641.png

 

I hope that helps 🙂

0 Helpfuls