Capture Client application vulnerability detection is wholly unreliable
I'm curious what resources are being used to determine whether an application version installed on an endpoint has any known vulnerabilities. I have received some alerts from Capture Client for vulnerable versions here and there, but having just done a manual check, it seems that relying on this system would be a mistake.
As an example: Wireshark 3.6.1. In the details section for this app in the Capture Client Management console, it says, "This app has no known vulnerabilities."
MITRE and the NVD disagree, with one rated Critical, and three of the rest rated High:
CVE-2022-0586, CVE-2022-0585, CVE-2022-0583, CVE-2022-0582 (Critical), CVE-2022-0581