Fasle Positive when checking scan engine

This message starts to come up a few days ago:

Version of installed component: 21.4.3 (Installed component: openvas-libraries on OpenVAS <= 9, openvas-scanner on GVM >= 10) Latest available openvas-scanner version: 21.4.4 Reference URL(s) for the latest available version: GVM 21.04 (stable, initial release 2021-04-16)

I think 21.x.x is new enough !?

This message / report is absolutely valid. Some reasons why the version (even for minor releases of the scan engine) should be kept up to date have been given in the past here:

And as there are e.g. even extensions on the scanner side in minor release jumps like from 21.4.2 to 21.4.3 on which VTs rely to report / detect vulnerabilities it is important to keep the scanner engine up to date.

1 Like

Thanks for your fast reply.
I understand. But is this really a priority 10 ?
We will update as soon as possible.

The priority of 10 is a default and currently used because there is no other means of user notification for such outdated versions available within GVM.

If you like you can also set a lower/custom severity or even set it to 0.0 like mentioned in the VT description:

If you want to accept the risk of a possible decreased scan coverage or missing detection of vulnerabilities on the target you can set a global override for this script as described in the linked GSM manual.

with the reference to:


1 Like

I understand the idea.
I will discuss internally if disabling is an option …
Thanks for your help!

1 Like

Normally you should update the tool chain, otherwise you risk false negatives.

1 Like

Of course we will update the tool chain, but the pressure a 10.0 rating creates is fairly hard. But to be honest I have no better idea :wink:

Thanks for the good work and keep on.

1 Like