CVE stands for “Common Vulnerabilities and Exposures”. The CVE number is a unique identifier used by vendors. By using a common identifier, cybersecurity professionals can more easily communicate about vulnerabilities and exposures, which makes it easier to coordinate efforts to fix or mitigate them. Each CVE entry contains a description of the vulnerability or exposure, as well as information about how to mitigate or fix it.

OpsRamp uses CVE in the Patch Management process to identify which vulnerabilities and exposures require patching.

How to get the CVE information and uses of these information into OpsRamp patch management process:

  • Each time we run an “asset info scan” on a device to collect information about the installed software. This software’s information includes the CVEs number, which is published by the vendors.
    OpsRamp uses the latest installed software information from Agent to detect if there are any CVEs published by the vendors.
  • OpsRamp obtains CVE information from the OVAL advisory and the NVD database.
  • Now, we only support detecting the CVEs information from Ubuntu and RedHat operating systems.

In the OpsRamp Patch Management, we have added CVE Insights page and CVE Details page.
To view the CVE information, navigate to Configuration Management > Patch Management and then click the Menu bar icon.

patch management

Prerequisite

  • A “asset info scan” must be run on the resource on a regular basis.
  • It will work with Agent version 15.0.0 and above.

View the CVE Insights Page

Follow the steps below to see the CVE Insights page:

  1. Login to OpsRamp Portal.
  2. Select a client from the All Clients list.
  3. Go to Configuration Management > Patch Management.
  4. On the left side of this page, click the Menu bar icon.
  5. Click the Insights under the CVE tab.
  6. Here you will see CVE Insights landing page.
patch management

By clicking on any of the displayed numbers above, it will provide you with detailed information. Here is an example of what you can expect when click on “Impacted Resources”:

patch management

The following table describes the various widgets displayed on the Insights page:

WidgetsDescription
ResourcesSee the total number of resources for the selected client.
Impacted ResourcesNumber of resources impacted for CVE out of of total resources.
Severity By CVEType of Severity impacted for each resources:
- Critical
- High
- Medium
- Low
- None
By Operating SystemSee the list of operating system impacted by CVE with Severity categories.

View the CVE Details Page

Follow the steps below to see the CVE Details page:

  1. Login to OpsRamp Portal.
  2. Select a client from the All Clients list.
  3. Go to Configuration Management > Patch Management.
  4. On the left side of this page, click the Menu bar icon.
  5. Click the Details under the CVE tab.
  6. Here you will see CVE Details listing page. You can view the CVE details by selecting the CVE or RESOURCES option.

By using CVE option:

The CVE option enables you to view the list of CVE id for the impacted devices.

patch management

You can fix the CVE for impcted resources by clicking Fix option.

patch management
patch management

By using RESOURCES option:

The RESOURCES option enables you to view the list of devices with the number of CVE.

patch management

By clicking on any of the displayed Device Name above, you will be provided detailed information about the CVEs number for that specific device. Here is an example of what you can expect:

patch management

The following table describes the various information displayed on the Details page:

NameDescription
BY CVECVE IDIt is a unique, alphanumeric identifier assigned by the CVE Program. Each identifier references a specific vulnerability.
SeverityIt shows the effect of severity on the operating system.
DescriptionDetailed description mentioned for the CVE ID.
Impacted OSListed of impacted OS.
Impacted ResourcesShow the number of resources impacted against each CVE.
BY RESOURCESDevice NameName of the device.
IP AddressShow the IP Address of the devices.
Operating SystemShow the operating System for the devices.
CVEShow the number of Common Vulnerabilities and Exposures (CVE) against each device.