After an OS upgrade from 7.6 to 7.7 with the same ip address , The VAT's related to 7.6 are left open with out getting fixed records. Do we know why?
Are you doing authenticated scans on these systems? (guessing you're talking about RHEL or CentOS based on the version numbers, so authenticated may be possible)
firstname.lastname@example.org The old vulnerabilities will be purged only if you have enabled "Purge old host data when OS is changed" under option profile.
As mentioned by Mathew, Authenticated scanning will ensure the correct detection of OS.
purge data on os change only applies to a fundamental change between OS, so upgrades DO NOT trigger this.
only when switching OS family (ie, from Windows to Linux or OSx to Windows) will the old data be purged.
now, for Linux based systems, it is not uncommon to keep an old kernel version on the system.
as long as we are able to detect the old kernel, and when doing an Authenticated scan this is true, we will keep flagging old vulnerabilities on these none-running kernels that we find. this is not a bug, but by design.
to verify this, you can either use the filter options in the report templates to not show none-running kernel vulns or do a search in the new VM dashboard and use the "vulnerabilities.nonRunningKernel:FALSE " filtering option.
this will filter out the vulns found on the none-running kernels, and confirm if this is indeed the case.
the only way to fix this is to either patch the old kernel as well, or to remove this kernel (which is best practice anyway, as keeping an older kernel for a longer period of time generally makes no sense).
Retrieving data ...