GVM mixing NVT's and CVE's

GVM versions

gsad: (‘gsad --version’) = 21.04.0
gvmd: (‘gvmd --version’) = 21.4.0
openvas-scanner: (‘openvas --version’, in older GVM versions < 11: ‘openvassd --version’) = 21.4.0
gvm-libs: = 21.4.0


Operating system:
Kernel: (‘uname -a’) = Ubuntu 20.10 x86_64

Hello guys, I am having problems with GVM.
This instalation is on a fresh Linux VM, I was running GVM without an issue before but it seems like its bugged out now I suppose? (Before I was using older version, now I’ve deployed newest on my fresh VM.)
I would really appreciate any help I may receive with this, it seems that my GVM is mixing CVE’s with NVT’s.
Reports page is broken because of this, CVE scanner “works” but reports are also broken.
I cannot export PDF report for CVE scanner because of this, I cannot click the “Report” on my panel because of it.
The error I receive when trying to open report on “/report/a415aafc-78e6-4607-946b-1562e948242f” URL is :

Error while loading Report a415aafc-78e6-4607-946b-1562e948242f
TypeError: Cannot read property 'score' of undefined
TypeError: Cannot read property 'score' of undefined

It seems like I cannot access those CVE’s so it cant calculate score.
I found a way out of this situation to see which CVE’s are in question, on report summary page I click on “Corresponding Vulnerabilites” ICON that leads me to next url :

Here I can see that CVE in question is ex. “CVE-2018-5951”, but hyperlink for that is trying to lead me on “/nvt/CVE-2018-5951” - which ofcourse says :
The NVT you were looking for could not be found.
You might have followed an incorrect link and the NVT does not exist.

When manually replacing that link and switching “nvt” with “cve” - everything works…

Openvas scanner works just fine, I am only having problems with CVE scanner.
It actually displays CVE vulnerabilities as score on front page.

But I cannot access reports generated by CVE scanner.

I am banging my head against the wall for over a week now, please help me so I can stop wasting my free time on debugging this thing.
As always, thank you guys!

I have the exact same issue, please can we have some assistance.

You should try the following steps

  1. Stop the ospd-openvas and gvmd services
  2. Remove the PID file /var/run/ospd/ospd-openvas.pid (if not removed already)
  3. Restart the ospd-openvas service
  4. run gvmd --rebuild as the gvmd user (depends on the installation method)
  5. Restart the gvmd service

Additionally the GSA should be fixed already in the 21.04 branch in the regard that it doesn’t show a traceback anymore (https://github.com/greenbone/gsa/pull/2944)

1 Like

I have this problem too. When I replaced “nvd” with “cve” the link worked, but reports did not work. Also, I tried ‘gvmd --rebuild’ but received the error:

A feed sync is already running.
Failed to rebuild NVT cache.

Hi @rippledj and welcome to the forum :slight_smile:

Did you stop the services before running gvmd --rebuild first and remove the PID file?
Aldo, which version are you using? Thanks!

I had started to use the CVE Scanner a few days ago and remembered this topic. Just have re-checked with a current installation of all GVM components from the stable github branches (which are basically the version 21.04.4) and i’m unable to reproduce the incorrect links so it is very likely that this has been already solved in the most recent versions of GVM / gsa.

1 Like

Please bear with me, because I’m fairly new to GVM / OpenVAS. This is what I did and the output:

$ uname -r 
$ gvm-cli socket --xml "<get_version/>"
<get_version_response status="200" status_text="OK"><version>21.4</version></get_version_response>

I guess that means I’m running version 21.4? I’m still a bit confused by all the conglomerate of components involved, so I wrote this article while learning: Intro To Greenbone Vulnerability Manger – Ripple Software Consulting

1 Like

Just had a quick look at your article. Let me correct the term GSM. The Greenbone Security Manager (GSM) is our commercial appliance. The web applications is called Greenbone Security Assistant (GSA). Only if you use our commercial appliance you will see the GSM lettering otherwise it’s GSA. And the trial VM is a derivation of our appliances.

Please take a look at our glossary for a list of abbreviations Glossary — Greenbone Documentation documentation


Thanks I have corrected those errors.