It’s not a requirement at all. This just means that there is, in fact, a Fixlet in that site tagged to address that CVE, and we can’t tell whether the Fixlet is relevant on any of your systems because the site is not subscribed.
You could look up what that CVE is and decide whether you think any of your systems are affected, but an eight year old CVE has probably been long deprecated.