Converting a CVE list to Patch vulnerabilities (2019 and newer)

Sometimes customers have a list of CVEs from an external source, and they want to patch them using Patch and Compliance. If the CVE list is in a .csv file format, you can import it and have Patch and Compliance show vulnerabilities in its database that will fix the imported CVEs.

To import a CVE file
  1. Click Tools > Security and Compliance > Patch and Compliance, and on the toolbar click the Import CVE file button.
  2. Browse for your .csv format CVE file.
  3. Select the column that contains the CVE data and click the Import CVEs from Column button.
  4. An Import CVEs progress dialog box appears showing the vulnerability search status. Once the search is complete, the CVE Vulnerabilities window shows the results.

You can search the results or use the Export to CSV file button to export them. Use the Build custom group button to create a group that patches CVEs in the list. The group will appear in Patch and Compliance under the My custom groups tree item.

Detected vulnerabilities show a Definition ID and a Superceded Definition ID. The Definition ID is the latest version of the vulnerability that patches the CVE. For example, a Java CVE that is three years old can be patched with a vulnerability that is much more recent and that patches multiple CVEs, rather than the vulnerability created for the CVE when the vulnerability was first discovered (the Superceded Definition ID).

Items that aren't a CVE or that couldn't be found will have a Definition ID of NA.
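
Because non-CVE entries come back with a Definition ID of NA, it can help to clean the source column before importing it. The following Python sketch is an added example, not part of Patch and Compliance: it normalizes and de-duplicates one column of a .csv file and reports the rows that are not syntactically valid CVE IDs. The column name `Finding`, the host names and all IDs in the sample are constructed placeholders.

```python
import csv
import io
import re

# CVE ID syntax: "CVE-", a four-digit year, then a sequence number of 4+ digits.
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")


def split_cve_column(csv_text, column):
    """Return (valid, rejected) for one column of a CSV document.

    valid    -- normalized, de-duplicated CVE IDs in first-seen order
    rejected -- (line_number, raw_value) pairs that are not CVE IDs
    """
    reader = csv.DictReader(io.StringIO(csv_text))
    if column not in (reader.fieldnames or []):
        raise KeyError(f"column {column!r} not in header {reader.fieldnames}")
    valid, rejected, seen = [], [], set()
    for row in reader:
        raw = row[column] or ""              # short rows yield None
        candidate = raw.strip().upper()      # tolerate padding and lower case
        if not candidate:
            continue                         # blank cell: nothing to import
        if CVE_RE.match(candidate):
            if candidate not in seen:
                seen.add(candidate)
                valid.append(candidate)
        else:
            rejected.append((reader.line_num, raw))
    return valid, rejected


def to_import_csv(cve_ids, header="CVE"):
    """Build a one-column CSV containing only the cleaned IDs."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow([header])
    writer.writerows([cve] for cve in cve_ids)
    return out.getvalue()


# Constructed sample input; the IDs are placeholders, not real findings.
SAMPLE = """Host,Finding,Severity
srv-01,CVE-2019-9999901,High
srv-02, cve-2019-9999901 ,High
srv-03,CVE-2020-9999902,Medium
srv-04,VENDOR-ADV-42,Critical
srv-05,CVE-19-1234,Low
srv-06,,Low
"""

if __name__ == "__main__":
    ok, bad = split_cve_column(SAMPLE, "Finding")
    print(to_import_csv(ok), end="")
    for line_no, value in bad:
        print(f"line {line_no}: not a CVE ID: {value!r}")
```

An ID that passes this syntax check can still return NA after import if no matching definition exists in the database.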