-
Feature Request
-
Resolution: Done
-
Undefined
-
None
-
None
-
None
-
False
-
None
-
False
-
Not Selected
-
-
-
-
Business Problem:
Per CX, MUFG's whole Vulnerability Management program risk assessment is based on the CVSS score for CVE from NVD. If the product is overriding it then we need the ability to see both the original and overridden score. Please raise a feature request if this doesn’t exist in the product currently. This will be a high-impact issue for the CX.
Use Cases:
When the CVSS score is overridden, it will also be able to show the NVD score.
Key Functionality:
CX will be able to get the original NVD score if the CVSS score is overridden.
Benefits:
To meet the security requirements
Acceptance criteria:
If the product is overriding it then CX needs the ability to see both the original and overridden score.
Implementation Suggestions (optional):
- Integration: [Specify any existing systems or tools that the new feature should integrate with]
- Dependencies: [Describe any dependencies on other 3rd party integrations or OCP components]
- User Experience: [Provide suggestions for designing the UI to optimize usability. Highlight other relevant aspects of the user experience ]
Timeline:
ASAP. This will be a high-impact issue for the CX.
[Specify the preferred implementation date or any specific deadlines for the feature implementation]
Please use the following Jira fields to complete this Feature Request
- [Jira Field] Summary Required: The option to view the CVSS NVD score when CVSS is overridden using the Red Hat security ratings.
- [Jira Field] Description: CX's whole Vulnerability management program risk assessment is based on the CVSS score for CVE from NVD. If the product is overriding it then CX needs the ability to see both original and overridden scores. Please raise a feature request if this doesn’t exist in the product currently. This will be a high-impact issue for them.
- [Jira Field] Component:
- [Jira Field] Priority: High
- [Jira Field] Supporting Documentation: https://issues.redhat.com/browse/ROX-18363
- Please see the attachment in https://issues.redhat.com/browse/ROX-18363
- is related to
-
RFE-5841 RHACS: expose only linked CVE(s) as an additional field on ACS (UI and API)
- Accepted