Skip to Content
Information
Unsupported content This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

The CVSS component

BMC Server Automation displays the Common Vulnerability Scoring System (CVSS) impact-metric value associated with a rule in the exported results file.

CVSS is an SCAP specification that describes the characteristics and impacts of IT vulnerabilities. The SCAP source data stream that BMC Server Automation uses for SCAP compliance scans can optionally include impact-metric values for rules. If a rule in the imported benchmark includes an impact-metric value, that value is included in the SCAP result data stream.

To view the impact-metric value associated with a rule, users perform the export function from the GUI console, exporting the XCCDF results to an XML file. The export includes a .xslt file that enables a fully formatted view of the results in a web browser. In the browser-displayed report, users can click a specific Benchmark rule to view details about the rule, including the CVSS impact-metric value assigned to the rule by the Benchmark author. If a rule does not have an impact-metric value assigned to it, then the CVSS field in the report is blank.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC Server Automation 8.3