Hello everyone.
I have updated my OpenVAS version recently to the 21.3.2, however, I’ve ben receiveing the following vulnerabilidity result:
****Report outdated / end-of-life Scan Engine / Environment (local):
This script checks and reports an outdated or end-of-life scan
engine for the following environments:
Greenbone Source Edition (GSE)
Greenbone Security Manager TRIAL (formerly Greenbone Community Edition (GCE))
used for this scan.
NOTE: While this is not, in and of itself, a security vulnerability, a severity is reported to
make you aware of a possible decreased scan coverage or missing detection of vulnerabilities on
the target due to e.g.:
missing functionalities
missing bugfixes
incompatibilities within the feed
I wouldlike to know why is this marked with an gravity score of 10 and if there is a way to hide this result or to solve the problem (besides updating OpenVAS).
thank you!
Running it in a mix-version environment with the modules is too unpredictable to trust that it’s running correctly and/or accurate so the best path is upgrading the full software suite. The current version numbers are here GVM Release Version 21.4.4
The reason is already given in the VT description (which was also posted previously):
Not using a severity would not make users aware that they are running outdated versions of their scanner component. And as there are e.g. even extensions on the scanner side in minor release jumps like from 21.4.2 to 21.4.3 on which VTs rely to report / detect vulnerabilities it is important to keep the scanner engine up to date.
If you still don’t want to / can’t update to a recent version and accept the risk originating from this you can set an override as mentioned in the VT description: