Some vulnerabilities reported in the original scan are removed or missing in later scans.
Details
The reported vulnerabilities can change when false positives are corrected or when new vulnerabilities are discovered. The following scenarios explain the possibilities.
- Day one: the app in Highlight has some components in specific versions with some CVEs.
- Day two: the app in Highlight hasn't changed and has the same components in the same versions. The CVE database sees some new or updated vulnerabilities for these component versions. Highlight updates the results for the given application. The CVE information can potentially change.
- Day three: the app in Highlight hasn't changed and has the same components in the same versions. The product team fixed some CVE false positives. After an upgrade, Highlight updates the results for the given application. The CVE information can potentially change.
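The three scenarios above can be checked by comparing two result snapshots. This is an added example, not CAST Highlight code: the snapshot format (a mapping from component and version to CVE ids), the component names and the CVE ids are all constructed placeholders.

```python
from collections import defaultdict

# Constructed snapshots: (component, version) -> set of CVE ids (placeholders).
DAY1 = {("libalpha", "1.2.0"): {"CVE-EXAMPLE-0001", "CVE-EXAMPLE-0002"},
        ("libbeta", "3.4.1"): {"CVE-EXAMPLE-0003"}}
# Day two: same components, the CVE data gained an entry for libalpha 1.2.0.
DAY2 = {("libalpha", "1.2.0"): {"CVE-EXAMPLE-0001", "CVE-EXAMPLE-0002",
                                "CVE-EXAMPLE-0004"},
        ("libbeta", "3.4.1"): {"CVE-EXAMPLE-0003"}}
# Day three: same components, one finding dropped as a corrected false positive.
DAY3 = {("libalpha", "1.2.0"): {"CVE-EXAMPLE-0001", "CVE-EXAMPLE-0004"},
        ("libbeta", "3.4.1"): {"CVE-EXAMPLE-0003"}}


def explain_cve_drift(before, after):
    """Classify CVE differences between two snapshots of one application.

    A difference on a component version present in both snapshots cannot come
    from the application, so it is attributed to the vulnerability data.
    """
    report = defaultdict(list)
    for key in sorted(before.keys() | after.keys()):
        old, new = before.get(key), after.get(key)
        if old is None or new is None:
            # Component version appeared or disappeared: the app itself changed.
            report["app_changed"].append(key)
            continue
        for cve in sorted(new - old):
            # Same component version, new finding: CVE data added or updated.
            report["added_by_data_update"].append((key, cve))
        for cve in sorted(old - new):
            # Same component version, finding gone: e.g. false positive fixed.
            report["removed_by_data_update"].append((key, cve))
    return dict(report)


if __name__ == "__main__":
    print("day 1 -> day 2:", explain_cve_drift(DAY1, DAY2))
    print("day 2 -> day 3:", explain_cve_drift(DAY2, DAY3))
```

An empty `app_changed` list together with non-empty added or removed lists matches the day two and day three scenarios: the findings moved while the scanned components stayed the same.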
Additional Resources
CAST Highlight Troubleshooting Guides
CAST Highlight Product Documentation
Ticket
30159