Inspector consumes vulnerability data feeds from numerous sources; some are general feeds (like those from NVD), and some are vendor-specific (like those from Red Hat or ALAS). These feeds tell Inspector, among other things, the following pieces of information about each vulnerability:
- The affected package and version
- The affected platform (OS vendor and version information; e.g., RHEL 7.x)
When Inspector does an assessment it uses the on-host package database to get a listing of every installed package on the host. It also looks at the installed OS and its version. It then compares those against all of the CVE data it consumes and looks for matches, and those matches become findings. For the Common Vulnerabilities & Exploits (CVE) rules package, Amazon Inspector has mapped the provided CVSS Base Scoring and ALAS Severity levels, which can be found here.
The CVE rules package is updated regularly; this list includes the CVEs that are included in assessment runs that occur at the same time that this list is retrieved. I am able to find CVE-2021-43798 in this rules list, so theoretically this should have been detected. [Note: You can cross-verify with your region-specific list as well.] However, the final finding/classification depends on customer policies and rules. The same applies to further analysis in case you have to classify the findings as Not-Actionable or False Positive if your system is not impacted. If this does not help, I suggest opening a case with AWS Support to verify your configuration.
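As an added illustration of the matching step the answer describes (example code, not from the original post or from Amazon Inspector), the following Python compares each installed package against feed rows keyed by package name, platform and fixed version; only rows for the host's own OS vendor and major release, with an installed version older than the fixed one, become findings. The data classes, feed rows and host inventory are constructed sample data, and the version ordering is a simplification of real rpm/dpkg rules.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Constructed illustration of the matching described in the answer; the data
# classes and feed rows are made up for this example, not Inspector's real format.

@dataclass(frozen=True)
class FeedEntry:
    cve: str
    package: str
    fixed_in: str               # first version no longer affected
    platform: Tuple[str, str]   # (OS vendor, major release), e.g. ("RHEL", "7")
    source: str                 # feed that supplied the row: NVD, Red Hat, ALAS

@dataclass(frozen=True)
class InstalledPackage:
    name: str
    version: str                # as reported by the on-host package database

def version_key(version: str) -> Tuple[int, ...]:
    """Order dotted upstream versions: '8.3.0' < '8.3.1' < '8.10.0'. The distro
    release suffix after '-' (e.g. '-1.el7') is dropped; real feeds use rpm/dpkg
    comparison rules, which this simplification does not implement."""
    upstream = version.split("-", 1)[0]
    return tuple(int(p) if p.isdigit() else 0 for p in upstream.split("."))

def match_findings(os_vendor: str, os_version: str,
                   installed: List[InstalledPackage],
                   feed: List[FeedEntry]) -> List[str]:
    """Return 'CVE package-version (source)' for every feed row that applies:
    same package name, same OS vendor and major release, installed version
    older than the fixed version."""
    platform = (os_vendor, os_version.split(".", 1)[0])   # feeds key on major release
    findings = []
    for pkg in installed:
        for row in feed:
            if row.package != pkg.name or row.platform != platform:
                continue                      # wrong package or wrong OS: no finding
            if version_key(pkg.version) < version_key(row.fixed_in):
                findings.append(f"{row.cve} {pkg.name}-{pkg.version} ({row.source})")
    return sorted(set(findings))

# Constructed feed rows: one CVE carried by two vendor feeds for two platforms.
SAMPLE_FEED = [
    FeedEntry("CVE-2021-43798", "grafana", "8.3.1", ("RHEL", "7"), "Red Hat"),
    FeedEntry("CVE-2021-43798", "grafana", "8.3.1", ("Amazon Linux", "2"), "ALAS"),
]
# Constructed host inventory: a vulnerable grafana plus an unrelated package.
SAMPLE_HOST = [InstalledPackage("grafana", "8.3.0-1.el7"),
               InstalledPackage("bash", "4.2.46-34.el7")]
```

Running `match_findings("RHEL", "7.9", SAMPLE_HOST, SAMPLE_FEED)` yields the Red Hat row only; the ALAS row is skipped because the platform differs, and a host with grafana 8.3.1 yields nothing.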