Problem Statement

The customer requires a supported built-in CVE report or export capability in Red Hat Satellite.

Currently, Satellite reporting is errata-centric, and while the Insights Vulnerability tool presents CVE information, it does not provide a supported export function.

The requested capability is to provide either a built-in CVE report or an export feature within the Insights Vulnerability tool that allows CVE data to be exported in a supported manner.

The export should include the following fields:

<%- report_headers 'CVE','Erratum','Type','Severity','Published','Available since','Reboot suggested','Installable/Applicable','Host count','Operating System','Content Views','Title','Hosts (limit 20)','Packages' -%>

Optionally, the export may also include the CVSS score.

This CVE export is required so the customer’s Security team can reliably cross-check vulnerability status based on CVEs using supported Satellite functionality.

User Experience & Workflow

• Current Satellite flow: Provides errata-centric reports; Insights Vulnerability shows CVEs but cannot export them.

• User Experience & Workflow: The user requests a report/export and verifies vulnerability information without manual correlation.

• User Requirement: Provide a CVE-centric export/report including associated errata, host impact, availability status, and optionally CVSS score, so CVEs can be cross-checked reliably.

Requirements

Required features:

• Supported CVE-centric report or export capability

• One row per CVE

• Export format such as CSV or JSON

• Include ** CVE, Erratum, Type, Severity, Published, Available since, Reboot suggested, Installable/Applicable, Host count, Operating System, Content Views, Title, Hosts (limit 20), Packages. 

• Optional :

• CVSS score

• Export directly from Insights Vulnerability UI

Business Impact

Without this feature, the customer must rely on manual workflows or unsupported methods to extract CVE-based data, increasing effort and the risk of inaccuracies.