CIs blank on Vulnerability Item



Vulnerability Items are getting created with an invalid Configuration Item. It shows blank on the form but you can see a sys_id in the XML


Jakarta Patch 8


Missing records on cmdb_ci_hardware


When you have a Vulnerability Item created, it is looking for the "Installed On" field on the cmdb_sam_sw_install table. Reviewing the Vulnerability Item, it was seen that it was assigned to CVE-2015-3903. With this information, we checked the Vulnerability Softwares table (, and found the Vulnerable Software was for Phpmyadmin Phpmyadmin 4.0.2. From here, we went to the Software Installations table ( and saw that the "Installed On" field is blank and is pulling in a sys_id of 76a9a04d3790200044e0bfc8bcbe5d01 which matches the null field on the Vulnerability Item. 

We noticed this was not being pulled in because the Hardware was missing from the cmdb_ci_hardware. Exporting from a personal dev instance and importing to an instance solved the issue and we confirmed that we could see the Configuration Item being shown on the Vulnerability Item.