Every Month I have a report that gets emailed, listing all the critical vulnerabilities applied to our equipment. Our latest report dated October 1st is missing quite a few CVE that came out since April. They were in the Report dated September 1st.
I upgraded NCM, NPM, IPAM, SRM, NTA last Friday evening using the new, rather fancy and efficient installer. (October report was issued on Sunday).
Upon using the Database Manager on the Orion server and querying the NCM_VulnerabilitiesAnnouncements and the NCM_VulnerabilitiesAnnouncementNodes tables, they show no CVE that came out after 2017-6610 (publish date of April 2017)
So the vulnerabilities that disappeared from the tables and the monthly report are-- CVE-2017-6736, -6737, -6738, -6739, -6743, -6744,
I checked the matching algorithm and it ran successfully last night (scheduled nightly). I am opening a case with support and supplying them the two reports.
Has anyone else noticed any issues with CVEs post upgrade?
well i got tired of waiting on support so i deleted all the xml files i had downloaded from the NVD and manually downloaded new ones. Then i manually fired off the matching algorithm and a few minutes later the CVEs are back in the Tables. I have no cause for the their disappearance but got them back, of course I have to re-review them and add comments again but oh well it is not the worst thing that has ever happened from upgrading Solarwinds.