diff --git a/core/src/main/java/org/owasp/dependencycheck/data/nvd/ecosystem/CveEcosystemMapper.java b/core/src/main/java/org/owasp/dependencycheck/data/nvd/ecosystem/CveEcosystemMapper.java
index ce73223880e..1a713cd9022 100644
--- a/core/src/main/java/org/owasp/dependencycheck/data/nvd/ecosystem/CveEcosystemMapper.java
+++ b/core/src/main/java/org/owasp/dependencycheck/data/nvd/ecosystem/CveEcosystemMapper.java
@@ -82,10 +82,11 @@ public String getEcosystem(DefCveItem cve) {
* null
*/
private boolean hasMultipleVendorProductConfigurations(DefCveItem cve) {
- if (cve.getCve().getConfigurations() != null) {
+ if (cve.getCve().getConfigurations() != null && !cve.getCve().getConfigurations().isEmpty()) {
final List cpeEntries = cve.getCve().getConfigurations().stream()
.map(Config::getNodes)
.flatMap(List::stream)
+ .filter(cpe -> cpe.getCpeMatch() != null)
.map(Node::getCpeMatch)
.flatMap(List::stream)
.filter(match -> match.getCriteria() != null)