Skip to main content

Host Vulnerability Assessment

📄️ Multiple Fixed Parallel Package Versions

Because some vendors maintain multiple major versions of a software package simultaneously, when a vulnerability/CVE is found, vendors must introduce a fix for each maintained major version of the software package. Lacework assesses and displays the vulnerability status for only one combination of (unique machine instance, software package, package version, CVE vulnerability ID). This means that if there are many fixed versions, Lacework must determine which one is the most appropriate for the given package version.