Openscap oval scan reportrting false positives

Hi chaps
I am testing rocky Linux 9.3 as a potential candidate to replace our centos Infra. I have noticed that openscap reports false positives when scanning for vulnerabilities using the oval file downloaded from Index of /pub/oval/ .

For example the report shows that the system is impacted by RLSA-2022:7288: openssl security update and as per the Errata the issue was fixed in openssl version 3.0.7 and when i checked on the system the current installed version is 3.0.07-25 . But the openscap still reports the system is vulnerable

any pointers on how to proceed are greatly appreciated.

1 Like

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.