CVE Dashboard available

leewei 2017-08-18 17:40:44 UTC #62

@BF_dev, technically it is absolutely possible to run this under Web Reports which some tweaks. I think I did it for someone but never publish it. If I can find it and something easy I will post here.

BF_dev 2017-08-21 10:28:28 UTC #63

@leewei, Thanks a lot

android 2017-09-05 09:49:22 UTC #64

Good day!
Could you explain, how bigfix_cve_util choice a cve what it remove or add ?
Example, I interested CVE-2017-1376 but it was remove.
How i can understand why it was remove? What have rules for choice?

leewei 2017-09-05 19:31:02 UTC #65

CVEs downloaded from NVD are removed if there are no corresponding Fixlets.
For example:

A CVE for the Cisco router will be removed because BigFix does not have content (Fixlets) for them.
On the other hand, if you do not subscribe to a certain sites, say Patches for AIX, then CVEs relating to AIX will be excluded as well.

The idea is that I will only show you CVEs where there are Fixlets.

randydavis 2017-10-26 17:23:03 UTC #66

Sorry for stupid question, but how do I load this in console in a custom site?

leewei 2017-10-26 21:23:13 UTC #67

Here is the install guide that describes how to add the files for the dashboard into any sites you choose.
Actually, you can only add to a custom site anyway because we cannot modify “external” sites from IBM.
CVEDashboard.pdf (1.3 MB)

asouza 2018-08-15 14:13:47 UTC #69

Hi All, Just recently purchased product and installed 9.5.9. CVE dashboard stopped getting updated content in June 2018. Anyone else facing this issue?

Regards,
A

jkj1962 2018-08-15 14:32:24 UTC #70

I realize this is an old topic, but I’m just trying this out. I, too, need for non-master operators to be able to see this dashboard. I’ve imported the files into a Custom Site, and given the desired operator “Writer” permissions to the site. They can see the site, and the files, but not the Dashboard. I read above about permissions to the “dashboard variables”, but that’s a new one on me. (7 years with Bigfix).

Also, “Show Computers” does not work. (Bigfix 9.5.7)

Any ideas?

asouza 2018-08-16 13:36:55 UTC #71

Hi lkj962,

Are you getting updated information from your CVE dashboard, after June 2018?

jkj1962 2018-08-16 13:54:44 UTC #72

The last “Critical” ones are from June, but I’m seeing “High” and “Medium” from July 18, 2018.

swap041 2018-10-06 20:24:18 UTC #73

@leewei : When i run the relevance it shows the values of Computer, Risk Score in XML format.
But still the Dashboard shows empty . I dont know why its showing like that.

Any Suggestions

mako3 2018-11-15 01:24:36 UTC #74

Hi,

Where will this dashboard access?
I confirm that the dashboard access following site only.
http://static.nvd.nist.gov/

If there are other sites, let me know.

leewei 2018-11-15 01:59:08 UTC #75

@mako3, technically, the dashboard does not have any external access except for the BigFix repository. The loading command line script is the one that connects to and download the CVE database from the URL you indicated.

Masatsugu 2018-12-06 08:09:16 UTC #76

Hi,

When we click “Show Computers” on the dashboard, following script error occurs.
It seems, it occurs for groups with many computers and it doesn’t occur for groups with 1000 computers or so.
Does anyone have any idea to solve this situation?

Regards,

script_err2

Masatsugu 2018-12-17 06:54:39 UTC #77

WeiLee-san,

Do you have any idea to solve this script error?

Regards,

sydabr 2018-12-30 01:08:49 UTC #78

When we click “Show Computers” on the dashboard, facing same script issue , any help please

MRitchotte 2019-03-21 19:16:53 UTC #79

Has anyone here run into an issue when attempting to run the importer? I will get the error that parameter username is required even though i’m using the switch to specify the username (See attachment) 2019-03-21_15-15-51

leewei 2019-04-01 00:18:20 UTC #80

@MRitchotte Hello Matthew, I cannot duplicate what you are seeing. Is it possible that your command line, especially where you have the -server param is breaking up with a space or some characters?

diwanker 2019-06-17 17:09:42 UTC #81

Hi @leewei for some reason the dashboard is not showing CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability: May 14, 2019. I have tried running the importer using the command line as well as manually downloading the XML file and placing it in the importer folder but both methods still don’t show the mentioned vulnerability.

Any idea what might be causing this?

Regards

Pete_F 2019-06-20 15:59:12 UTC #82

@leewei
Running into problems when running the importer… Using latest version , it gets the nvdcve file, expands to the xml and then starts the process… Gets all the way to the and and then I get an error

6/20/2019 11:41:18 AM - Processed 4610 of 4623: CVE-2019-9946
6/20/2019 11:41:19 AM - Processed 4620 of 4623: CVE-2019-9962
6/20/2019 11:41:20 AM - Processed 4623 of 4623: CVE-2019-9975
6/20/2019 11:41:20 AM - Error: The remote server returned an error: (400) Bad Request.

Any thoughts or insights please?