I wanted to scan my DNS servers for the recently released CVE-2020-1350 but I noticed that the CVE database in OpenVAS will list the CVE but the Serverity, Complexity, Vector, etc all show N/A.
Why is that?
If I scan in this setting will it actually list the vulnerability in the results?
There might be 1 or 2 days delay (depending on when this change is available in the NVD data feed), afterwards the severity will be shown instead of the N/A.
Generally it might be also possible (unrelated to this specific CVE) that a CVE is shown as N/A for more then a few days or even a few weeks depending on when the NVD is doing the vulnerability analysis for a specific CVE. Such CVEs can be identified when browsing the related entry like https://nvd.nist.gov/vuln/detail/CVE-2020-1353. As long as the Undergoing Analysis is shown there the CVE will show up with a N/A severity within the GSA: