Possible to exclude CVE from scan?

Scanning / scan configuration
1

Hi

We have implemented an automated way (using gvm-tools python and plain bash scripts) that updates NVT data, syncs which targets to scan, when to scan and then in the end emails a report and creates an issue in Jira (our issue tracker) in case of critical severity’s found on any of our servers

Our servers is running postgres so all is reporting a critical (severity 9.0) issue due to CVE-2019-9193 which we would like to ignore (and perhaps others in future). Is there a way that we can make the scan ignore CVE’s somehow ?

Regards
Stefan

2

Found Override’s which I guess might do the trick, still not sure how to match CVE-2019-9193 to a valid NVT OID which is needed in the override wizard.

When searching in SecInfo -> NVTs I see other CVE’s listed within NVTs but there is no trace of CVE-2019-9193 which Im interested in doing an override on.

My assumption is that this specific CVE are matched during scan due to cpe:/a:postgresql:postgresql:10.14 but i just cant figure out how to do do an override making our scans to ignore the real severity behind this specific CVE

3

oops, it was there in plain sight :slight_smile:

https://docs.greenbone.net/GSM-Manual/gos-20.08/en/reports.html#creating-an-override-through-a-scan-result

1 Like