I have a requirement for BMC Server Automation (BSA) to provide the CVE IDs that are associated with the patches that are in my Patch Catalog. I hoped that by default BSA would automatically capture and maitain a list of CVE IDs for each patch that is added to the Catalog. In this way users would be able to correlate patches against CVE.
I do not see any CVE related data out of the box. Does BSA have a capability to track this, or would I need to start defining Custom Properties, and manually maintaining this data against each patch (this is not really feasible due to the significant overhead).
bsa tracks cves if they are provided by the upstream patch vendor. in a windows catalog if you look on your hotfix objects there is a CVE_ID property. if there is a cve for that patch then it should be populated.