Importing CVE and CCE lists

CVE and CCE lists can be added to BMC Client Management at any time. Some lists are available directly in the BMC Client Management Master installation folder. For CCE, the lists are located at <master_installation_dir>/data/Vision64Database/scap/data_feeds/nvdcce-0.1-feed.xml. For CVE, the lists are located at <master_installation_dir>/data/Vision64Database/scap/data_feeds/nvdcve-1.1-2020.json and <master_installation_dir>/data/Vision64Database/scap/data_feeds/nvdcve-1.1-2021.json.

Related topics

CVE-and-CCE-lists

Managing-compliance


Note:

BMC Client Management supports the JSON format feeds for import. NVD/CVE JSON feeds with CVSS and CPE mappings (version 2.0) can be downloaded from https://nvd.nist.gov/vuln/data-feeds#JSON_FEED. These feeds can be downloaded either in the ZIP or GZ format but must be deflated before import.

NVD/CCE XML feeds with 800-53 mappings can be downloaded at the following URL: http://nvd.nist.gov/cce.cfm.

To import these lists, proceed as follows:

  1. Click Edit > Import CVE List import_pkg.pngor Edit > Import CCE List import_pkg.png, depending on the list type to import.
     The Import a CVE List / Import a CCE List window opens on the screen.

  2. Browse to the directory into which you downloaded the list and select it.

    You can import several lists of the same type at the same time by holding the CTRL key when selecting the lists.

  3. Click Open.

The imported list is directly added to the CM reference database and displayed under the CVE & CCE Lists tab.

Note:

Depending on the number of lists selected and their size this operation can take some time. You can view the import status in the View column.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*