Why VIT gets created with CVE id's instead of Third party id's?

Venkatesh4
Tera Expert

Hi All,

 

I have installed Qualys scanner for our VR implementation.

 

When a Vulnerable item is generated, some of the VITs have the vulnerability marked with a CVE id (Referring to NVD Record) rather than a QID, while others are tagged with a QID (Third Party Id).

 

is that expected?

1 ACCEPTED SOLUTION

Simon Hendery
Mega Patron
Mega Patron

Qualys imports items into the the Third-Party Vulnerability Entry table (sn_vuln_third_party_entry), where they all have a QID number assigned.

 

The Third-Party Vulnerability Entry table extends the Vulnerability Entry table (sn_vul_entry). If you look at a record in the TPVE table, you should find it has a 'QID' ID plus a CVE ID under 'Related Links':

 

SimonHendery_0-1696543848804.png

 

SimonHendery_1-1696543902641.png

 

I hope that helps 🙂

View solution in original post

1 REPLY 1

Simon Hendery
Mega Patron
Mega Patron

Qualys imports items into the the Third-Party Vulnerability Entry table (sn_vuln_third_party_entry), where they all have a QID number assigned.

 

The Third-Party Vulnerability Entry table extends the Vulnerability Entry table (sn_vul_entry). If you look at a record in the TPVE table, you should find it has a 'QID' ID plus a CVE ID under 'Related Links':

 

SimonHendery_0-1696543848804.png

 

SimonHendery_1-1696543902641.png

 

I hope that helps 🙂