When using the Vulnerability Assessment with Linux hosts, the results may include a lot of false positives.
Distributions which are backporting security fixes (CentOS / Debian) do may not change the App Version when they got patched.
"Backporting has a number of advantages for customers, but it can create confusion when it is not understood. Customers need to be aware that just looking at the version number of a package will not tell them if they are vulnerable or not"
"We also supply OVAL definitions (machine-readable versions of our advisories) that third-party vulnerability tools can use to determine the status of vulnerabilities, even when security fixes have been backported."
I didn't see much in the documentation, and I'm not sure if this is "working as expected" or if there is a way to improve the configuration for better detection.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!