Dear community When using the Vulnerability Assessment with Linux hosts, the results may include a lot of false positives. Distributions which are backporting security fixes (CentOS / Debian) do may not change the App Version when they got patched. https://access.redhat.com/security/updates/backporting "Backporting has a number of advantages for customers, but it can create confusion when it is not understood. Customers need to be aware that just looking at the version number of a package will not tell them if they are vulnerable or not" "We also supply OVAL definitions (machine-readable versions of our advisories) that third-party vulnerability tools can use to determine the status of vulnerabilities, even when security fixes have been backported." I didn't see much in the documentation, and I'm not sure if this is "working as expected" or if there is a way to improve the configuration for better detection. Cheers Fabian
... View more