By using the Vulnerability Management reports or dashboard, in many cases you can find a link to a vendor bulletin containing remediation information for a particular vulnerability. Sometimes this information is strictly advisory, and sometimes it includes a software patch for the affected application or operating system.
There are many ways to find the vendor bulletin for a specific vulnerability. The following procedures describe two simple ways to do this.
To find guided remediation information for a particular vulnerability:
Click the CVE ID or OVAL Definition for a particular vulnerability. A new report, which includes patch and advisory information, opens for this vulnerability.
Caution: If the status of a particular vulnerability is Unknown, and the CVSS score is null, be sure to investigate this vulnerability thoroughly by using the NVD, the CVE repository, and any other resources at your disposal. In this situation, HPCA may be unable to provide the information that you need to make an informed decision about the issue.