Update 1/10/24 

We are releasing a new server slated for 1/31/24 to resolve these issues. We appreciate your patience. 

Due to a late-breaking issue discovered with the NVD NIST API, 8.10 Servers equipped with the new Vulnerability Detection feature are currently unable to receive any new or updated CVE information from the NIST API. This API provides vulnerability information to populate the “CVE Instances” and “CPE Applications” pages within the App Control console. 

CVE Data Stream Impacts

Any current or newly installed applications in your environment with a CPE match (found on the “CPE Applications” page) will not be populated with up-to-date CVE information. In addition, vulnerabilities listed on the “CVE Instances” page will not be up-to-date with the latest information from NIST. 

CPE Matching Functionality Impacted

In addition, this issue with the API also affects CPE matching capabilities (8.9.0 server or later). The server cannot generate any new CPE matches from the application inventory. Note that this does not affect CPE matches that have already been discovered and recorded in the “CPE Applications Page.” 

Steps to Resolution

We caution any customers using the Vulnerability Detection feature to discover CVE information about the applications within your environment. We recommend users seek alternative methods to determine vulnerability risk until this issue is resolved. 

We are working with NIST to resolve this issue and restore CPE/CVE functionality to the App Control Server. We will provide further updates once we have more information. 

Thank you for your patience and understanding.