Hi Francisco,
We have a lot installations of LibreOffice (1000+) so I installed really old version 4.2.0.1 to check if it will trigger an event. Nothing happened. The problem probably is that the new database is missing a relation between the product name and the classification in NVD because on wazuh 4.7.2 I manually mapped it in the cpe_helper.json and it worked.
Here is the syscollector result:
{
"data": {
"affected_items": [
{
"scan": {
"id": 0,
"time": "2024-03-20T13:09:38+00:00"
},
"section": " ",
"version": "4.2.0.1",
"format": "win",
"source": " ",
"priority": " ",
"architecture": "i686",
"description": " ",
"location": "C:\\Program Files (x86)\\LibreOffice 4\\",
"vendor": "The Document Foundation",
"name": "LibreOffice 4.2.0.1",
"size": 0,
"install_time": "2024-03-20T12:58:22+00:00",
"agent_id": "1165"
}
],
"total_affected_items": 1,
"total_failed_items": 0,
"failed_items": []
},
"message": "All specified syscollector information was returned",
"error": 0
}
This version has multiple vulnerabilities (at least 30) according to
I chose one random vulnerability which is listed in NVD:
If you have some structured way for reporting it or maybe a github I would submit it there also.
Kind regards,
Nikolay