Why VIT gets created with CVE id's instead of Third party id's?

Community Alums · ‎10-05-2023

Hi All,

I have installed Qualys scanner for our VR implementation.

When a Vulnerable item is generated, some of the VITs have the vulnerability marked with a CVE id (Referring to NVD Record) rather than a QID, while others are tagged with a QID (Third Party Id).

is that expected?

Simon Hendery · ‎10-05-2023

Qualys imports items into the the Third-Party Vulnerability Entry table (sn_vuln_third_party_entry), where they all have a QID number assigned.

The Third-Party Vulnerability Entry table extends the Vulnerability Entry table (sn_vul_entry). If you look at a record in the TPVE table, you should find it has a 'QID' ID plus a CVE ID under 'Related Links':

I hope that helps 🙂

View solution in original post

Simon Hendery · ‎10-05-2023

Qualys imports items into the the Third-Party Vulnerability Entry table (sn_vuln_third_party_entry), where they all have a QID number assigned.

The Third-Party Vulnerability Entry table extends the Vulnerability Entry table (sn_vul_entry). If you look at a record in the TPVE table, you should find it has a 'QID' ID plus a CVE ID under 'Related Links':

I hope that helps 🙂