Vulnerability - Severity, Base Score, Dates, and more are empty

jdelcol · April 20, 2026, 1:34pm

Good morning team,
When entering the Vulnerability report, in most cases the Severity, Base Score, Dates, and several other columns are empty.

However, when we access the NVD link for the vulnerability, data is present.

For example:

https://nvd.nist.gov/vuln/detail/CVE-2013-3900

https://nvd.nist.gov/vuln/detail/CVE-2024-30101

This happens with both old and new vulnerabilities!

https://nvd.nist.gov/vuln/detail/CVE-2026-20806

Do I need to activate any analyses?
What do you recommend?

orbiton · April 20, 2026, 3:34pm

Make sure to read the Note under Fixlet 1005 - Download NVD CVE Data Files in the SCM Reporting site can be used to download and cache the current and previous year's data files.

You need to download the files into a specific place on the Compliance Server, and after the Import the data will be propagated.
This data is updated regulary so the process should be repeated