  1. OpenShift Request For Enhancement
  2. RFE-5890

RHACS: Not possible to find vulnerability in Node CVE pane with CVE id after RHxA is published (vulnerability fixable)


    • Feature Request
    • Resolution: Unresolved
    • Normal
    • rhacs-4.4.0
    • RHACS, ui/ux
    • Future Sustainability

      Business Problem:

      In Vulnerability Management (v1) -> Dashboard -> Node CVE pane, until Red Hat provides an advisory for a particular CVE, it is possible to use the ACS UI to search for that CVE by CVE Id. The vulnerability is known as not fixable. Once Red Hat provides an advisory to fix a vulnerability, the vulnerability is known as fixable and appears with the RHSA Id but not with the CVE Id. It is then no longer possible to use the search field to find the CVE.
       

      Use Cases:

      When working with internal central teams, the CVE Id is the most common criterion. Since it is not possible to track vulnerabilities by this Id in the Node CVE pane once they are fixable, this introduces misunderstanding between our teams and possibly security issues due to the lack of tracking of fixable CVEs.
       

      Key Functionality:

      Be able to track vulnerabilities in the Node CVE pane using the CVE Id as well, and not only the RHSA Id, when a vulnerability is known as fixable.
       

      Benefits:

      As a user or security auditor, I track vulnerabilities by CVE Id (CVE-2024-xxx). I want to be able to track any CVE using the CVE Id, since it is widely used as a primary key to track vulnerabilities and is the preferred way to connect with corporate security teams in almost all companies.

      Implementation Suggestions (optional):

      • Integration: Keep both CVE Id and RHSA Id in the same table in the Node CVE pane to be able to track both.
      • Dependencies: None

      Timeline:

      Standard priority

       
       

       

        1. ACS-CVEvsRHSA.png
          1.01 MB
          Franck Grosjean
        2. Screenshot 2024-08-16 at 10.33.37 AM.png
          283 kB
          Shubha Badve
        3. Compliance_v2-CVE_replaced_with_RHSx-1.png
          319 kB
          Franck Grosjean
        4. Compliance_v2-CVE_replaced_with_RHSx-2.png
          373 kB
          Franck Grosjean

              sbadve@redhat.com Shubha Badve
              rh-support-fgrosjea Franck Grosjean