Notifications

59 views

Symptoms


Vulnerability Items are getting created with an invalid Configuration Item. It shows blank on the form but you can see a sys_id in the XML

Release


Jakarta Patch 8

Cause


Missing records on cmdb_ci_hardware

Resolution


When you have a Vulnerability Item created, it is looking for the "Installed On" field on the cmdb_sam_sw_install table. Reviewing the Vulnerability Item, it was seen that it was assigned to CVE-2015-3903. With this information, we checked the Vulnerability Softwares table (https://instancename.service-now.com/sn_vul_m2m_entry_software_list.do?sysparm_query=sn_vul_entry.idSTARTSWITHCVE-2015-3903%5Esn_vul_software.display_nameSTARTSWITHPhpmyadmin%20Phpmyadmin%204.0.2), and found the Vulnerable Software was for Phpmyadmin Phpmyadmin 4.0.2. From here, we went to the Software Installations table (https://instancename.service-now.com/cmdb_sam_sw_install_list.do?sysparm_query=display_nameSTARTSWITHPhpmyadmin%20Phpmyadmin%204.0.2) and saw that the "Installed On" field is blank and is pulling in a sys_id of 76a9a04d3790200044e0bfc8bcbe5d01 which matches the null field on the Vulnerability Item. 

We noticed this was not being pulled in because the Hardware was missing from the cmdb_ci_hardware. Exporting from a personal dev instance and importing to an instance solved the issue and we confirmed that we could see the Configuration Item being shown on the Vulnerability Item.

 

Article Information

Last Updated:2018-08-21 21:58:54
Published:2018-08-20