Prisma Cloud Compute: The number of vulnerabilities is not related to the number of "All known CVEs"

Created On 10/17/22 00:34 AM - Last Modified 11/21/24 19:38 PM


Question


The number of detected vulnerabilities sometimes differs from the number shown under "All known CVEs".
Why didn't Prisma Cloud detect any vulnerabilities even though some packages have known CVEs?

(ex.) GUI Path: Runtime Security > Monitor > Vulnerabilities > Images > Select Image
- Vulnerability (No detection)
- All known CVEs

 


Environment


  • Prisma Cloud Compute
  • Vulnerabilities 


Answer


"All known CVEs" is the number of CVEs reported over the entire history of a package.
It is not the number of CVEs that apply to the specific version of the package.
The version of the package that you currently use might have already resolved some of those CVEs.

Therefore the number of vulnerabilities is not related to the number of "All known CVEs".


Additional Information


This behavior is by design.
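
The distinction described in the Answer, as an added illustration that is not Prisma Cloud code and does not describe its matching logic: a package's full CVE history is filtered against the installed version. The record fields (introduced, fixed_in), the package versions and the CVE-EXAMPLE ids are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional


def parse_version(v: str) -> tuple:
    """Parse a dotted numeric version; '1.4.0' and '1.4' compare equal."""
    if not re.fullmatch(r"\d+(\.\d+)*", v):
        raise ValueError(f"unsupported version string: {v!r}")
    parts = [int(p) for p in v.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()  # drop trailing zeros so tuple comparison is stable
    return tuple(parts)


@dataclass(frozen=True)
class CveRecord:
    cve_id: str               # constructed placeholder id
    introduced: str           # first affected version (assumed field)
    fixed_in: Optional[str]   # first fixed version, None if unfixed


def affects(rec: CveRecord, installed: str) -> bool:
    """True if the installed version lies in [introduced, fixed_in)."""
    cur = parse_version(installed)
    if cur < parse_version(rec.introduced):
        return False
    return rec.fixed_in is None or cur < parse_version(rec.fixed_in)


def summarize(history: list, installed: str) -> dict:
    """Return the history-wide count next to the version-specific list."""
    open_now = [r.cve_id for r in history if affects(r, installed)]
    return {"all_known": len(history), "vulnerabilities": open_now}


# Constructed CVE history for one hypothetical package.
HISTORY = [
    CveRecord("CVE-EXAMPLE-0001", "1.0", "1.2.3"),
    CveRecord("CVE-EXAMPLE-0002", "1.1", "1.4.0"),
    CveRecord("CVE-EXAMPLE-0003", "2.0", None),
]

if __name__ == "__main__":
    for version in ("1.2.0", "1.4.0", "2.1"):
        print(version, summarize(HISTORY, version))
```

With version 1.4.0 installed, the history still holds three CVEs while the version-specific list is empty, which matches the "No detection" case in the Question.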


