AnsweredAssumed Answered

Several CVE-Numbers - only one QID

Question asked by Andreas Schäfer on Aug 21, 2019
Latest reply on Aug 26, 2019 by Andreas Schäfer

Qualys addresses various vulnerabilities of an OS patch as a single QID. As an example, I mention the recently released QID 91563, which combines several CVE numbers (CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1223, CVE-2019-1224, CVE-2019-1225, CVE-2019-1226).
As I understand Qualys, the QID is not recognized as fixed until all single components of the QID have been handled, even if all but one have been removed.
If this is confirmed, I consider it a weakness in the system, as it is not possible to report on the individual components of the QID.
I am sure that Qualys can give me a satisfactory answer here, with which I can dispel the concerns of my customer...


thank you,