Request for clarification on the “TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks.. This attack is known as a "ROBOT attack".
Below steps followed to schedule the report.
- Created a search list for the QID found for the below CVEs as per updated QIDs from Qualys.
- Created a patch template with
- FINDINGS - QID based patch evaluation (new)
- Asset Groups – All(Except Cloud based asset groups such as Azure, ICHS)
- IP Range – All
- SORTING and GROUPING by – Host
- Display patch severity by: Assigned severity
- Filter: Custom- added search list
- Access- Empty
And scheduled the report.
My reason for this email is when I pulled the report from asset veiw by CVE found 383 hosts. But by scheduling the report we are getting only 57 hosts.
I would like to understand where I have gone wrong if? My Assumption is Asset Veiw is giving Asset report than Patch report required to patch.