Hello,
I am a little bit confused about security advisories and interim fixes for AIX servers. Sometimes bigfix reports security advisory for more computers than interim fix for same security issue(same CVE code) but security advisories are not applicable.
What do you mean that the security advisories are reported for more computers, but are not applicable? If computers are listed under a security advisory, that means they are reporting as applicable.
Usually iFix has a smaller scope than SA. e.g. if a SA covers a fileset with version 3-5, it is possible there is only 1 iFix that applys to the fileset with version 5 only.
Adding on to @qiaozy’s reply.
Fixlet with “Security Advisory” category is is auditing content (without action) which help’s to identify specific vulnerability on endpoints.
Fixlet with “Interim fix - Security Advisory” category is a out-of box content (with action) which help’s to identify if a specific interim fix patch is applicable on endpoints.
Ideally, endpoint which is shown as applicable to a “Security Advisory” content will be shown as applicable to a “Interim fix - Security Advisory” content (excluding version update package for Java, Openssh, openssl & other 3rd party apps).
If endpoint is shown as applicable to “Security Advisory” content and no “Interim fix - Security Advisory” content (excluding version update package for Java, Openssh, openssl & other 3rd party apps) is shown as applicable, customer will need to either update TL/SP to a more recent level or open a PMR to request for customized ifixes from AIX team.
If customer has suspicion on any false positive cases when an endpoint is shown as applicable, please open a PMR for content team to further investigate