Vulnerability Detection Verification

Modified on Mon, 13 Jul at 3:12 AM

Purpose

This guide outlines the step-by-step process to verify the detection of vulnerabilities on a system, cross-check installed packages, and ensure proper patch management and repository configuration.


Prerequisites

  • Access to system scan output (system-characteristics.xml)

  • Vulnerability scan results (vulnerability-results.xml)

  • Vulnerability definitions (vulnerability.xml)

  • Patch information (missingpatchcollection.json)

  • Basic knowledge of RPM package versions (EVR: Epoch:Version-Release)


Step 1: Identify Installed Packages

  1. Open the system scan output file: system-characteristics.xml.

  2. Locate installed applications under the <rpminfo> entries.

  3. Identify the package of interest using the id attribute.
    Example:

    <rpminfo id="1958" name="openssl" version="1.1.1g" release="12.el8" epoch="0"/>
  4. Record the id, package name, and version.


Step 2: Match Against Vulnerability Results

  1. Open vulnerability-results.xml.

  2. Locate the entry corresponding to the package id from Step 1.

  3. Check the result field:

    • true → Vulnerability detected

    • false → No vulnerability detected
      Example:

  4. <vulnerability_result id="1958" result="true" test_id="EVT-2025-0001"/>

Step 3: Correlate with Vulnerability Definitions

  1. Open vulnerability.xml.

  2. Search for the test_id retrieved from Step 2.

  3. Locate the <rpminfo_test> block associated with this test.
    Purpose: This defines the criteria used to determine vulnerability.


Step 4: Locate the State Reference

  1. Within <rpminfo_test>, find the state_ref value.
    Example:

    <state_ref>EVR:1:1.1.1g-12.el8</state_ref>
  2. state_ref provides the expected version threshold for the vulnerability evaluation.


Step 5: Perform Criteria Check

  1. Compare the installed package version (from Step 1) with the EVR string in state_ref.

  2. Check:

    • If installed version matches or is lower than state_ref → Vulnerable

    • If installed version is higher than state_ref → Not vulnerable

  3. Document the evaluation result.


Step 6: Verify Patch Version / Repository

  1. Open missingpatchcollection.json.

  2. Identify the installed patch version for the package.

  3. Cross-check with the repository information:

    • Patch corresponds to the current major release → Current repository

    • Patch corresponds to the previous major release (N-1) → Using N-1 repository

  4. Document repository usage to verify compliance with patch management policy.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article