Wednesday, October 12, 2022

Vulnerability Management - Qualys QIDs with no CVE IDs

Not all QIDs in Qualys have CVEs (e.g., https://cve.report/qid/38863). Many do not, and the responsible action is to cover all reasonable vulnerabilities by creating QIDs.

A few examples include:

1. SSL/TLS Server supports TLSv1.0

2. HTTP security headers not detected

It becomes difficult to remediate these vulnerabilities because product vendors ask for CVE IDs and cannot provide any support to fix them. In such cases, one should refer to information available online that supports the general requirement to remediate, as well as a good section in the knowledgebase explaining why these issues need attention.
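One way to separate the findings that have no CVE and pull the knowledgebase rationale for them is sketched below. This is an added example, not part of the original post. It assumes an XML export whose element names (VULN, QID, TITLE, CVE_LIST, DIAGNOSIS, SOLUTION) follow the Qualys KnowledgeBase format; the QIDs, the CVE ID and all texts in the sample are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample, shaped like a Qualys KnowledgeBase XML export.
# QIDs, the CVE id and all texts are placeholders, not real KB entries.
SAMPLE_KB = """<VULN_LIST>
  <VULN>
    <QID>900001</QID>
    <TITLE>SSL/TLS Server supports TLSv1.0</TITLE>
    <DIAGNOSIS>Server accepts TLSv1.0 handshakes.</DIAGNOSIS>
    <SOLUTION>Disable TLSv1.0; allow TLSv1.2 or later.</SOLUTION>
  </VULN>
  <VULN>
    <QID>900002</QID>
    <TITLE>HTTP security headers not detected</TITLE>
    <CVE_LIST/>
    <DIAGNOSIS>Responses lack recommended security headers.</DIAGNOSIS>
    <SOLUTION>Set the missing headers on the web server.</SOLUTION>
  </VULN>
  <VULN>
    <QID>900003</QID>
    <TITLE>Example vendor patch missing</TITLE>
    <CVE_LIST><CVE><ID> CVE-0000-00001 </ID></CVE></CVE_LIST>
    <SOLUTION>Apply the vendor update.</SOLUTION>
  </VULN>
</VULN_LIST>"""

def split_by_cve(kb_xml):
    """Return (cve_backed, no_cve) lists of finding dicts."""
    cve_backed, no_cve = [], []
    for vuln in ET.fromstring(kb_xml).iter("VULN"):
        # Absent or empty CVE_LIST and blank ID elements all count as "no CVE".
        cves = [e.text.strip() for e in vuln.iterfind("CVE_LIST/CVE/ID")
                if e.text and e.text.strip()]
        finding = {
            "qid": int(vuln.findtext("QID")),
            "title": (vuln.findtext("TITLE") or "").strip(),
            "cves": cves,
            # KB rationale to quote in the ticket when there is no CVE to cite.
            "why": (vuln.findtext("DIAGNOSIS") or "").strip(),
            "fix": (vuln.findtext("SOLUTION") or "").strip(),
        }
        (cve_backed if cves else no_cve).append(finding)
    return cve_backed, no_cve

if __name__ == "__main__":
    backed, unbacked = split_by_cve(SAMPLE_KB)
    for f in unbacked:
        print(f"QID {f['qid']}: {f['title']}\n  why: {f['why']}\n  fix: {f['fix']}")
```

The `why` and `fix` fields give the justification to attach to a remediation request when the vendor has no CVE to work from.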

Happy Learning !!
