Welcome to OCS Inventory NG community support, where you can ask questions and receive answers from other members of the community.

Please ask questions only in English or French.

Release 2.11.1 available

The official documentation can be found on http://wiki.ocsinventory-ng.org. Read it before asking your question.

CVE Reporting

Hello everyone,

After using OCS Inventory for a while, we have decided to activate the CVE Reporting option.

We have initially tried using a remote server (like the one mentioned in the documentation, cve.circl.lu) but it didn't work. Therefore, we set up our own CVE Search server.

So we installed the cve-search and everything seems to work ok. We have it running on cve-server:10443.

We configured ocs-inventory-server to use this, configured all required cron-jobs and checked the connection between the ocs-server and the cve-server using curl, and everything is OK there.

The cron tasks are executed normally, but the result is always the same: 10-Feb-2022 06:28:52 UTC - 0 CVE has been added to database.

OCS always says that there are no CVE's to add to the database.

The software and software_link db tables are updated/populated (there are more than 5000 programs in the inventory) and in the OCS Inventory server, Manage > CVE Inventory, we found that the "Match List" has a lot of items (>407k).

But in Inventory > CVE Reporting > By CVSS / By Software / By  Computer, totally empty and in the "CVE History" option, in the "Information" menu, the CVE count is zero for all publishers.

I have checked the entire forum and other pages in search of a solution, but I have run out of ideas.

Do you have any idea what could be the problem? We are running OCS Inventory server v2.9.2, under CentOS 7, with MariaDB and PHP 7.3.33.

PS: Sorry, this was a short version of the report, because the forum limits, you can found a PDF with all the information there: http://bitly.ws/oqKR
in OCS Inventory NG server for Unix by (520 points)
edited by

1 Answer

0 votes
Hello all,
Any help with this? is anyone using the CVE Reporting feature?

by (520 points)
Powered by Question2Answer