Why Doesn't Vulnerability Count Match Between "All Known CVEs" And "Vulnerabilities" In Prisma Cloud Compute?

Created On 09/30/22 05:55 AM - Last Modified 05/26/23 00:27 AM


Question


Why Doesn't Vulnerability Count Match Between "All Known CVEs" And "Vulnerabilities" In Prisma Cloud Compute?
  • This is shown in Vulnerabilities (Compute > Monitor > Vulnerabilities > Image > Vulnerabilities):
    [Screenshot: Vulnerabilities]
  • This is shown in All Known CVEs (Compute > Monitor > Vulnerabilities > Image > Package Info):
    [Screenshot: Package Info]

As can be seen from the above, the numbers from Vulnerabilities and All Known CVEs do not match.


Environment


  • Prisma Cloud Compute
  • SaaS
  • Self-hosted


Answer


  • All Known CVEs is the number of CVEs on record that have been associated with the package, not the number currently impacting it. Therefore, "All Known CVEs" will usually show a larger number of CVEs.
  • Vulnerabilities shows the number of CVEs that are currently impacting the image.
  • Therefore, it is expected that the numbers differ between "Vulnerabilities" and "All Known CVEs" under Compute > Monitor > Vulnerabilities > Image.


Additional Information


More information for Vulnerability Detection can be found here
