The Qualys Cloud Platform October 2021 release includes Qualys Cloud Suite 10.15.0.0, which contains new features and important enhancements in the Qualys Cloud Platform.
Qualys Cloud Platform
Option to include CVEs in the host-based scan reports
Starting this release, Qualys introduces a powerful new capability to generate vulnerability reports based on CVEs and fetch a list of assets that are vulnerable to the specific CVEs. Since these CVEs are specific to each scanned asset, this reporting feature will provide an easy way for users to have precise knowledge about the impacted assets.
Let’s understand it better with an example:
Microsoft SharePoint Foundation and SharePoint Server Update October 2020 covers 6 different editions of SharePoint with a total of 11 CVEs. However, not all CVEs would apply to each edition of SharePoint. For example, SharePoint Foundation 2010 is impacted by only five of the 11 CVEs. Earlier, the vulnerability report would list all the 11 CVEs, without specifying which CVE effects which SharePoint edition, as shown below:
|SharePoint Foundation 2010||110363||CVE-2020-16941, CVE-2020-16942, CVE-2020-16946, CVE-2020-16948, CVE-2020-16953||KB4486708|
With the new the asset CVE reports, the vulnerability report will display details:
|SharePoint Foundation 2010||CVE-2020-16941||KB4486708||110363|
|SharePoint Foundation 2010||CVE-2020-16942||KB4486708||110363|
|SharePoint Foundation 2010||CVE-2020-16946||KB4486708||110363|
|SharePoint Foundation 2010||CVE-2020-16948||KB4486708||110363|
|SharePoint Foundation 2010||CVE-2020-16953||KB4486708||110363|
To include asset CVEs in the host-based scan report, select Detected CVEs in the Scan Report Template > Display tab.
Support for DNS scanning in CDN environments
This feature will be available in a future release of Qualys Cloud Platform.