Cyver Core supports importing findings and reports from Greenbone's OpenVAS vulnerability scanner. You can import results to Cyver including vulnerabilities across network infrastructure and web applications, import assets, and import recommendations from the tool.
Export OpenVAS results to XML to manually import to Cyver Core. Or automate scan imports with the API.
Findings Field Mapping
| Field | Values | Example |
| Code | default: auto-generated |
|
| Title | <result> <name>HTTP Brute Force Logins With Default Credentials Reporting</name> </result> |
|
| Type | Vulnerability Observation |
|
| Assets | <host>197.255.148.103 <hostname>helpdesk.adept.co.za</hostname> </host> |
|
| Description | <result> <description>It was possible to login with the following credentials (<URL>:<User>:<Password>:<HTTP status code>) https://helpdesk.adept.co.za/helpdesk/WebObjects/Helpdesk.woa/ra/OrionTickets:helpdeskIntegrationUser:dev-C4F8025E7:HTTP/1.1 200</description> </result> |
|
| Occurrence | ||
| Labels | ||
| Severity | Info Low Medium High Critical default: Info |
<result> <threat>High</threat> </result> |
| CVSS20Score | ||
| CVSS20Vector | ||
| CVSS30Score | ||
| CVSS30Vector | ||
| CVSS31Score | ||
| CVSS31Vector | ||
| CVSS40Score | ||
| CVSS40Vector | ||
| Impact | 0 1 2 3 4 5 default: 0 |
|
| ImpactDescription | ||
| Likelihood | 0 1 2 3 4 5 default: 0 |
|
| LikelihoodDescription | ||
| VulnerabilityTypes | DoS CodeExecution Overflow MemoryCorruption SqlInjection XSS DirectoryTraversal HttpResponseSplitting BypassSomething GainInformation GainPrivileges CSRF FileInclusion |
|
| CWEList | for example: CWE-1; CWE-721 |
|
| CVEList | for example: CVE-1; CVE-721 |
<refs> <ref type="cve" id="CVE-1999-0501"/> <ref type="cve" id="CVE-1999-0502"/> <ref type="cve" id="CVE-1999-0507"/> <ref type="cve" id="CVE-1999-0508"/> <ref type="cve" id="CVE-2004-1791"/> <ref type="cve" id="CVE-2024-20439"/> <ref type="cve" id="CVE-2024-28987"/> <ref type="cve" id="CVE-2024-46328"/> </refs> |
| MITRE ATT&CK Techniques | ||
| MITRE ATT&CK Mitigations | ||
| MITRE ATT&CK Tactics | ||
| Controls | ||
| Compliance Status | ||
| Compliance Comment | ||
| BackgroundInformation | <nvt> <tags>cvss_base_vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H|summary=It was possible to login into the remote Web Application using default credentials.|insight=As the VT 'HTTP Brute Force Logins With Default Credentials' (OID: 1.3.6.1.4.1.25623.1.0.108041) might run into a timeout the actual reporting of this vulnerability takes place in this VT instead.|affected=|impact=This issue may be exploited by a remote attacker to e.g. gain access to sensitive information or modify system configuration.|solution=Change the password as soon as possible.|vuldetect=Reports default credentials detected by the VT 'HTTP Brute Force Logins With Default Credentials' (OID: 1.3.6.1.4.1.25623.1.0.108041).|solution_type=Mitigation</tags> </nvt> |
|
| Recommendation | <nvt> <solution>Change the password as soon as possible.</solution> </nvt> |
|
| External References | <refs> <ref type="url" id="https://www.cisa.gov/known-exploited-vulnerabilities-catalog"></ref> </refs> |
|
| Status | Draft PendingFix Fixed ReadyRetest Accepted ToReview Reviewed default: Draft |
|
| Evidence Title | ||
| Evidence Location | ||
| Evidence Version | ||
| Evidence Reproduction | ||
| Evidence Results | ||
| Evidence Issue Details |
Important Notes & Limitations
- The maximum number of findings that can be imported in a single upload is 5,000 findings.
- If your file exceeds this limit, the import may fail depending on the selected import options (e.g., aggregation settings or filtering by severity).