@Adri thanks for the feedback. I'm checking in with our engineering team, but I think its a false positive.
I think the issue we are finding is that the NIST data feed just focuses on the top level version number and then doesn't really recognise that a patch has been applied.
We are investigating a way that we can dig further in the details from vendors to get the lower level version number to avoid this. In the short term to ensure it doesn't keep showing we are going to put some simple functions to allow the user to tell an asset to be ignored with relation to that vulnerability (its not idea but in the short term will allow users to remove a bit of the noise).
Again thanks for the feedback and please keep it comming.
PS. I'll come back and update when I hear from engineer 🙂
