CVEs and CPEs with score = 0, log and N/A

Hello again.
I will use this topic to ask another question.

Is this normal ?

Screenshot 2022-01-31 at 10-45-32 Greenbone Security Assistant - CVEs1883×755 76.6 KB

Screenshot 2022-01-31 at 10-53-27 Greenbone Security Assistant - CPEs1897×653 65.4 KB

Aren’t they too many CVEs and CPEs with score = 0, log and N/A ?
My feed status →

Screenshot 2022-01-31 at 10-51-02 Greenbone Security Assistant - Feed Status838×259 16.2 KB

Hi @AyyJYH, I’ve moved this to a new topic for better visibility.

Hi again @AyyJYH, I have some information about this.

Yep, this is normal. New CVEs usually have 0 or N/A as score because they will reserved in the first step, and then later the vendor may/will publish more details about the issue, and then the severity can be calculated. Here’s an example of a new (at this time) CVE NVD - CVE-2022-23968 (there’s also a N/A score at NIST) and a screenshot of the current state for reference.

CVE-Noscore-Snapshot1694×1291 354 KB

After the score is assigned then needs to arrive in the Greenbone feeds, and sometimes there can be an additional 24 hour window between assignment and propagation.

Hope that helps!

Thanks.
I’ll check it in a few days.