Listing Vulnerabilities in a Host Scan

View details about potential OS vulnerabilities that were detected on a specific Compute instance.

Oracle uses Common Vulnerabilities and Exposures (CVE) numbers to identify security vulnerabilities for operating systems and other software, including critical patch updates and security alert advisories. CVE numbers are unique, common identifiers for publicly known information about security vulnerabilities. View Qualys IDs (QIDs) in the Vulnerability Scanning service user interface.

Qualys ID (QID) numbers are unique identifiers assigned by Qualys to identify security vulnerabilities. View QIDs in the Vulnerability Scanning service user interface or in the Qualys VMDR user interface on the Vulnerabilities Tab.

Because Oracle Linux and other enterprise Linux distributions backport security fixes to the version that's included in a specific major release, the Vulnerability Scanning service can incorrectly report vulnerabilities on OS packages that have already been fixed. Also, the Vulnerability Scanning service can incorrectly report Oracle Linux vulnerabilities that were fixed by Ksplice. See Troubleshooting the Vulnerability Scanning service.

You can also use vulnerabilities reports to browse all vulnerabilities that the Vulnerability Scanning service detected.

    1. On the Scanning reports list page, select the scan that you want to work with. If you need help finding the list page or the scan, see Listing Host Scans.
    2. Select Vulnerabilities.

      The following details are shown for each issue detected in this Compute instance:

      • Issue ID
      • Risk level
      • Issue description
      • Last detected
      • First detected
      • Cause and remediation
    3. Select an Issue ID to view more details about a specific vulnerability.
    4. Select the View detail button in the Cause and remediation column to see more information for a vulnerability:
      • Name
      • Cause
      • Locations
      • Remediation
  • Use the oci vulnerability-scanning host vulnerability list command and required parameters to retrieve a list of the vulnerabilities for a host in a compartment:

    # --compartment-id reference: https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/vulnerability-scanning/host/vulnerability/list.html#cmdoption-compartment-id
    export compartment_id=<substitute-value-of-compartment_id>
    oci vulnerability-scanning host vulnerability list --compartment-id "$compartment_id"

    For a complete list of flags and variable options for CLI commands, see the Command Line Reference.
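The following is an added example, not part of Oracle's documentation: a Python triage of the JSON that the command above returns, ordering findings by risk level and age. It assumes the output has a `data.items` array whose entries carry `name`, `severity`, `first-detected` and `last-detected` keys; the sample data, the `triage` function and the `stale_days` heuristic are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like the CLI's JSON output (field names assumed).
SAMPLE_OUTPUT = """
{"data": {"items": [
  {"name": "CVE-0000-0001", "severity": "MEDIUM",
   "first-detected": "2024-01-10T08:00:00+00:00",
   "last-detected": "2024-03-01T08:00:00+00:00"},
  {"name": "CVE-0000-0002", "severity": "CRITICAL",
   "first-detected": "2024-02-20T08:00:00+00:00",
   "last-detected": "2024-03-01T08:00:00+00:00"},
  {"name": "CVE-0000-0003", "severity": "CRITICAL",
   "first-detected": "2023-12-01T08:00:00+00:00",
   "last-detected": "2024-02-01T08:00:00+00:00"},
  {"name": "CVE-0000-0004", "severity": "HIGH",
   "first-detected": "2024-02-01T08:00:00+00:00",
   "last-detected": "2024-03-01T08:00:00+00:00"}
]}}
"""

SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3, "NONE": 4}


def parse_ts(value):
    """Parse an ISO 8601 timestamp, accepting a trailing 'Z' for UTC."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def triage(cli_json, now, stale_days=7):
    """Return findings ordered: still-detected first, then severity, then oldest."""
    rows = []
    for item in json.loads(cli_json)["data"]["items"]:
        rows.append({
            "issue": item["name"],
            "severity": item["severity"],
            # Days the finding has been known: remediation-age metric.
            "age_days": (now - parse_ts(item["first-detected"])).days,
            # Heuristic (assumption): not reported by recent scans, so it is
            # probably patched or the host is no longer being scanned.
            "stale": (now - parse_ts(item["last-detected"])).days > stale_days,
        })
    rows.sort(key=lambda r: (r["stale"],
                             SEVERITY_RANK.get(r["severity"], len(SEVERITY_RANK)),
                             -r["age_days"]))
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_OUTPUT, datetime.now(timezone.utc)):
        print(row)
```

Findings on Oracle Linux packages that rank high here still need checking against the installed package version, because backported and Ksplice fixes can be reported as open.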

  • Run the ListHostVulnerabilities operation to retrieve a list of the vulnerabilities for a host in a compartment.