AnsweredAssumed Answered

Building a Search List for all OpenSSL Vulnerabilities

Question asked by scott stevens on Jun 9, 2014
Latest reply on Jun 13, 2014 by Joe Gregory

I haven't yet seen anything in this Community forum that gets this specific, hence me posting this.

 

I'd like to build a Search List & Option Profile that allows for the non-authenticated/remote discovery only of any/all OpenSSL related vulnerabilities.  Currently, I have a dynamic Search List that has these criteria only:

 

  1. Discovery Method - Remote Only
  2. Product - openssl

 

As of 6/9/14 this produces 26 total QIDs.  However, I'm finding that some CVEs are missing.  Is there a more comprehensive way of creating an all-inclusive OpenSSL search list?  Is "Vendor" an important criteria (I currently have set to "All")?

 

Cheers

Outcomes