HPE Community
Server Management - Systems Insight Manager
1833813 Members
3047 Online
110063 Solutions
New Discussion

VPM not reporting critical vulnerabilities

 
Rob Buxton
Honored Contributor

‎02-14-2005 06:46 AM

‎02-14-2005 06:46 AM

VPM not reporting critical vulnerabilities

Over the weekend my VPM Repository did its Acquire Updates.
Of the January & February patches releases I'm still missing MS05-005, 006, 007, 008, 011, 012 & 013.
Last night I ran the Vulnerability Scan for my two licensed Servers. One is showing Red, with two missing patches, the other is still unchanged on one major alert (not patch related). The one reporting patches is still missing a couple of January Patches, they're the only ones reported.

If I run MBSACLI using the latest Baseline from MS against the same machines, it reports a number of missing Critical Patches.

What is behind on the HP VPM Site, what is missing from the scanning such that the February Critical Alerts are not reported?
Do I need to run the VPM Aquisition more often?
0 Kudos
Reply
1 REPLY 1
Rob Buxton
Honored Contributor

‎02-14-2005 07:37 AM

‎02-14-2005 07:37 AM

Re: VPM not reporting critical vulnerabilities

I've just rerun the Acquisition, this reported VPM/Stat updated and Scan Definitions up to date.
The Repository is still only reporting the MS05 patches as 001, 002, 003, 004, 009, 010, 014 & 015.
The rescan of the Server now updated from Major to Critical with 4 High Alerts. These now include MS05-004, 008, 010, 011, 013, 014 & 015. Still missing is MS05-012 from the reports and MS rate this as Critical.

Interestinly MS05-010 is rated Critical by MS and Low by the Harris VPM Scan.

So, it seems reporting is not consistent and it seems I'm still missing a number of MS Critical Patches from the Repository.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.