Why a CVE is not found for an App/OS/Package on CVE Viewer of Prisma Cloud?
301
Created On 07/11/23 02:29 AM - Last Modified 02/20/25 18:20 PM
Question
- Why a CVE is not found for an App/OS/Package on CVE Viewer of Prisma Cloud?
Environment
- Prisma Cloud Runtime Security (SaaS)
- Prisma Cloud Compute Edition (Self-Hosted) v19.11 and later
- CVEs
- Vulnerability Management
Answer
- Not all manually installed vulnerable binaries are added to the Intelligence Stream
- CVEs are added to the Intelligence stream only for supported languages/OS/Application
Example:
Application 'PaperCut', which might have vulnerabilities and installed on a server, Vulnerabilities will not be detected by Prisma Cloud as currently it is not a supported Application.
Additional Information
References:
- Prisma Cloud vulnerability feed : Supported OS/Package/Application
- CVSS Scoring