Viewing vulnerability issues, CVE descriptions, and patches

You can research vulnerability issues and patch non-compliance discovered by an SCAP Compliance Job by using the exported results. The results include patch numbers and Common Vulnerabilities and Exposures (CVE) IDs associated with rules. For information about exporting and opening an XCCDF results file, see Exporting-SCAP-results.

To view software flaws, patches, and associated CVE information

1. Open the exported XCCDF results file.
2. Expand target results using the down arrow on the right of the output.
    The results shows one of nine states for each rule, including a value of Pass, Fail, Error, and so on.

3. To see CVE IDs and patch IDs associated with a rule, click the rule.

   Warning

   Note

   The report shows this information only for rules with a result of Pass or Fail.

   The link goes to the Rules section of the report, which contains more information about the rule, including CVE IDs referenced in the rule.

4. To see more information about a CVE ID, click the ID.
    A web page opens that includes details about the CVE.
5. To see more information about a patch ID, click the ID.
    A web page from the issuing vendor opens with details about the patch.