Skip to main content

CVE Tracking Feature

PatchCTL automatically correlates your installed packages with known vulnerabilities.

How It Works

Package Inventory - Agent reports all installed packages
CVE Database - PatchCTL maintains vulnerability data
Correlation - Packages matched against CVE-affected versions
Alerting - New vulnerabilities surfaced in dashboard

CVE Data Sources

National Vulnerability Database (NVD)
Distribution security advisories (USN, RHSA, SUSE-SU)
CVE details and CVSS scores

Data updated daily.

Severity Scoring

Based on CVSS v3 scores:

Severity	CVSS Score	Description
Critical	9.0 - 10.0	Immediate exploitation risk
High	7.0 - 8.9	Significant risk
Medium	4.0 - 6.9	Moderate risk
Low	0.1 - 3.9	Limited risk

Actionable vs Informational

Actionable CVEs:

Affect your installed packages
Fix available in your repositories
Can be remediated by updating

Informational CVEs:

Affect packages not installed
No fix available yet
Require manual investigation

Remediation Workflow

Identify - Review CVEs in dashboard
Prioritize - Focus on Critical/High first
Plan - Schedule remediation
Execute - Apply patches
Verify - Confirm CVE resolved

False Positive Handling

Sometimes packages are flagged incorrectly:

Version detection ambiguity
Backported security fixes
Package renaming

Use "Mark as Reviewed" to dismiss false positives.

How It Works
CVE Data Sources
Severity Scoring
Actionable vs Informational
Remediation Workflow
False Positive Handling