CPE name not found in CPE dictionary


Maya & Arthur

Aug 1, 2023, 10:34:32 AM
to SCAP Discussion and Development

Hi,

I don’t know if this is the right E-mail to send my question but I hope you’ll be able to answer 😊


I use the NIST website to search for a specific CPE: https://nvd.nist.gov/products/cpe/search and view the corresponding CVEs.

 

For example, I tested with Grafana v8.3.4 having CPE name : cpe:2.3:a:grafana:grafana:8.3.4:*:*:*:*:*:*:* and I found it and was able to view its CVEs.

 

Unfortunately, I’m not able to find Grafana v9.5.2 with the Search button (I used following CPE name : cpe:2.3:a:grafana:grafana:9.5.2:*:*:*:*:*:*:*) but in CPE dictionary it doesn’t exist.

 

I tested with other products & versions like Kafka, OpenJDK, Tomcat and sometimes for some versions I’m able to see the CPE name with its CVEs and sometimes I can’t.

 

That’s why I was wondering if it can be due to the NIST database or CPE dictionary not being up to date, and I just need to wait a couple of days/months?

 

Can it be related to the product’s provider that has not given the new CPE name for a new released version (to be written into the CPE dictionary) ?

 

I don’t understand 

 

Hope you understand my question

 

Kind regards


 

Brent Kimberley

Aug 1, 2023, 11:08:39 AM
to Maya & Arthur, SCAP Discussion and Development, david.wa...@nist.gov

Sounds like an NVD question.  Try following up with n...@nist.gov.

--
To post to this group, send email to scap...@list.nist.gov
To unsubscribe from this group, send email to scap-dev+u...@list.nist.gov
Visit this group at https://list.nist.gov/scap-dev
---
To unsubscribe from this group and stop receiving emails from it, send an email to scap-dev+u...@list.nist.gov.


j...@usprotech.com

Aug 2, 2023, 11:39:20 AM
to Maya & Arthur, SCAP Discussion and Development, Jonathan...@anamo.io

Maya,

You may want to consider this workaround: We basically submit any new CPE with its official links to the NVD and then they add that data to the CPE dictionary after their review. Do you currently build a proprietary CVE/CPE library? You might consider doing so. Let us know if that helps, however, we do not currently support non-US operations.

Jonathan

US ProTech

ANAMO CDM

 

 

From: 'Maya & Arthur' via SCAP Discussion and Development <scap...@list.nist.gov>
Sent: Tuesday, August 1, 2023 7:35 AM
To: SCAP Discussion and Development <scap...@list.nist.gov>
Subject: [scap-dev] CPE name not found in CPE dictionary

 

Hi,
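
The situation discussed in this thread (a product that is in the CPE dictionary while a newer version of it is not), as an added example that is not part of any message here and is not NIST tooling. The function names are hypothetical and the dictionary is a small constructed list standing in for a local extract; entries other than the 8.3.4 name quoted above are made up for the demonstration.

```python
import re

# Attribute order of a CPE 2.3 formatted string, after the "cpe:2.3" prefix.
FIELDS = ("part", "vendor", "product", "version", "update", "edition",
          "language", "sw_edition", "target_sw", "target_hw", "other")

def parse_cpe23(name):
    """Split a CPE 2.3 formatted string into its 11 attributes."""
    # Split on ':' unless it is directly preceded by a backslash (escaped colon).
    parts = re.split(r"(?<!\\):", name)
    if len(parts) != 13 or parts[0] != "cpe" or parts[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 formatted string: {name!r}")
    return dict(zip(FIELDS, parts[2:]))

def lookup(name, dictionary):
    """Classify a CPE name against a local list of dictionary entries.

    Returns ("exact", []), ("version_missing", [versions that are listed])
    or ("unknown", []) when the vendor/product pair is not listed at all.
    """
    wanted = parse_cpe23(name)
    key = (wanted["part"], wanted["vendor"], wanted["product"])
    listed_versions = []
    for entry in dictionary:
        e = parse_cpe23(entry)
        if (e["part"], e["vendor"], e["product"]) != key:
            continue
        if e == wanted:
            return "exact", []
        listed_versions.append(e["version"])
    if listed_versions:
        return "version_missing", sorted(set(listed_versions))
    return "unknown", []

# Constructed sample standing in for a local CPE dictionary extract.
SAMPLE_DICTIONARY = [
    "cpe:2.3:a:grafana:grafana:8.3.4:*:*:*:*:*:*:*",
    "cpe:2.3:a:grafana:grafana:8.3.5:*:*:*:*:*:*:*",   # constructed entry
    "cpe:2.3:a:apache:tomcat:9.0.50:*:*:*:*:*:*:*",    # constructed entry
]

if __name__ == "__main__":
    for q in ("cpe:2.3:a:grafana:grafana:8.3.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:grafana:grafana:9.5.2:*:*:*:*:*:*:*"):
        print(q, "->", lookup(q, SAMPLE_DICTIONARY))
```

A "version_missing" result separates "the product is known but this release has no entry yet" from "the vendor/product pair is misspelled or absent", which is the distinction the original question turns on.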
