CVE Audit

The Audit  CVE Audit section shows you which CVEs have been applied to your clients. A CVE (common vulnerabilities and exposures) is a fix for a publicly known security vulnerability. It is important that you apply CVEs to your clients as soon as they become available.

Each CVE contains an identification number, a description of the vulnerability, and links to further information. CVE identification numbers use the form CVE-YEAR-XXXX.

Clients are listed with a patch status icon.

Table 1. Patch Status Icons
Icon Description Action Required

Affected, patches are available in channels that are not assigned

The client is affected by a vulnerability and SUSE Manager has patches for it, but the channels offering the patches are not assigned to the client.

Affected, at least one patch is available in an assigned channel

The client is affected by the vulnerability and SUSE Manager has patches available in a channel that is directly assigned to the client.

Not affected

There are no available CVE patches for this client.

Patched

A patch has been successfully installed on the client.

For more information about CVE auditing, see Auditing.