Afternoon,
Trying to find validation of coverage for CVE-2024-8811. Its not listed in the Rapid7 VulnDB on the web and I cant find it listed in InsightVM. We allegedly have three systems with it on there.
NVD - CVE-2024-8811 - for reference
I can confirm there is no coverage in Rapid7 for this, not sure why. We have a handful of other vulnerability management tools for redundancy purposes and to get complete coverage.
Rapid7 IVM is great at catching most items, but it does not catch everything. I have not found any vulnerability management tool that catches 100% of everything due to inherent limitations which is why we have redundant tools. Surprisingly Microsoft Defender does not list that CVE either, but another one of our agent-based tools which has vulnerability scanning capabilities does.
Opened a ticket with support, Winzip is not listed as part of their recurring coverage.
”Since WinZip is not currently included in our recurring coverage at this time, this CVE has not been added as of yet.To review the list of our product coverage, you may refer to this link: Recurring vulnerability coverage for third-party software | Vulnerability Management Documentation”