Uploaded image for project: 'Security Data'
  1. Security Data
  2. SECDATA-381

CVSS and threats impact are not associated

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not a Bug
    • Icon: Normal Normal
    • None
    • None
    • sdengine
    • None
    • False
    • Hide

      None

      Show
      None
    • False
    • SECDATA-216 - SDEngine Backlog

      The CVSS and threats impact are not associated with the same list of products.

      Somehow the CVSS metrics are only associated with products that have been fixed via some advisory. When the “impact” category in the threat section is correctly associated with the whole list of products mentioned in the particular CVE.
      See for example:
      CVE-2022-40152

      The scores section contains only products that have some patches released (category is vendor_fix).

            mprpic@redhat.com Martin Prpic
            rh-ee-jvaught Jessie Vaught
            Przemyslaw Roguski
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: