Skip to Content
Information
Unsupported content This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

The CVE component

BMC Server Automation supports the SCAP Common Vulnerabilities and Exposures (CVE) enumeration.

CVE is an SCAP nomenclature and dictionary of security-related software flaws and vulnerabilities. The SCAP source data stream that BMC Server Automation uses for SCAP compliance scans should include CVE IDs. The SCAP result data stream includes CVE IDs.

BMC Server Automation provides drill-down features for researching vulnerabilities associated with each rule, on each target server. To implement those features, from the GUI console, users export the XCCDF results to an XML file. The export includes a .xslt file that enables a fully formatted view of the results in a web browser. In the browser-displayed report, users can click a specific Benchmark rule to view details about the rule, including a list of CVE IDs associated with the rule. Each listed CVE ID is an active link to the specific web page about that CVE ID on http://cve.mitre.org. The web pages display the CVE description and links to technical references.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC Server Automation 8.3