AnsweredAssumed Answered

Redundant entries in Score Card Report of Ignored Vulnerabilities

Question asked by mark alvarez on Nov 6, 2013
Latest reply on Nov 7, 2013 by Philip Niegos

The scorecard report that shows a list of all ignored vulnerabilities contains redundant entries.

 

 

This happens when one ignores a QID discovered on one port (e.g., port 80), and later ignores the same QID discovered on another port (e.g., port 443) on the samehost. It will have two entries in the Score Card report but the TCP/IP port is not indicated anywhere in that report so those basically turn out to be redundant entries.

 

 

Is it by design or could it be changed such that when one ignores avulnerability on one TCP/IP port on a host or IP, then all QIDs that will appear on different ports are also ignored?

 

If the above cannot be done, then I guess just indicating the TCP/IP port numbers on the Score Card report of Ignored Vulnerabilities should be helpful.

 

 

Any thoughts?

Outcomes