Vulnerabilities are constantly being discovered and published. You must ensure you’re utilizing the best tools to mitigate your risk.
CVE listings contain a standard identifier number, status indicator, brief description, and related references to advisories and reports. They do not include detailed technical information like risk, impact, or fixes.
Search by CVE ID
The CVE ID is a globally unique tracking number for a vulnerability. It is used as an identifier in the National Vulnerability Database (NVD) and by many security tools. CVE IDs help to ensure that vulnerability information is interpreted consistently across different tools and databases, as well as between vendors of security tools.
Before CVE, each vendor maintained its own vulnerability identifier system, which made it difficult to compare and correlate data between tools. Today, most major vulnerability scanners use CVE IDs for their vulnerability definitions.
The CVE website lists all available CVE records, including their status and description. The status indicates whether the record has been published by a CNA, such as a software vendor or researcher, and is referenced in one or more public resources. The description contains additional details on the CVE record, such as the affected software version. It also includes a link to the CVE dictionary website for more information on that specific vulnerability.
Search by CVE Description
A vulnerability is a flaw in a piece of software that allows nefarious parties to exploit it. CVE uses a common naming standard to describe vulnerabilities, making it easier to share information about them across different vulnerability databases and security tools.
A CVE identifier is a unique number assigned to a publicly known information security vulnerability or exposure by a CVE Numbering Authority (CNA). CNAs are mostly research organizations, along with many IT and security vendors. They report vulnerabilities to MITRE and then assign CVE identifiers to them. The CVE names also indicate whether they are approved Entries or candidates.
Whenever a vulnerability definition is downloaded in Patch and Compliance, the CVE name is displayed alongside the other details about the vulnerability. You can click on the CVE name to display the CVE dictionary Web page for a more detailed vulnerability description.
Search by CVE Impact
With the proliferation of new vulnerabilities and tools, keeping up with CVEs can be daunting. Most people who look at them merely scan for the most important ones and move on. However, this means they miss out on the valuable information provided to them.
CVEs are the unique identifiers that security professionals use to identify and track vulnerable hardware and software systems. They also provide a consistent way to refer to specific vulnerabilities when implementing preventative measures to protect against cyber attacks.
When a vulnerability is discovered, a researcher or security expert will report it to the CVE system through a process that includes contacting the vendor or project responsible for the affected software or hardware system. This process is designed to be thorough and systematic, so that the vulnerability can be identified, verified, and described accurately. After being vetted by experts, it’s added to the National Vulnerability Database (NVD) with CVSS-based scores and fix information.
Search by CVE Scoring
The CVE system provides a standardized method for naming cybersecurity vulnerabilities, which makes it easier for vendors and researchers to communicate about them. It also helps organizations prioritize vulnerability remediation by enabling them to compare the severity of various vulnerabilities in their products and environments.
The CVE list feeds into NVD, which offers enhanced information for each record, including patch availability and CVSS scores. The federal government sponsors these resources, and they are free to use.
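Added example (not from the original page): correlating findings from two scanners by CVE ID and ranking them by CVSS base score, as the sections on CVE IDs and scoring describe. The scanner records, the 2099 CVE IDs and the scores are constructed. The ID pattern (CVE, four-digit year, four or more digits) and the severity bands are the standard CVE syntax and CVSS v3.x ratings, which the page does not spell out.

```python
import re

# CVE ID syntax: "CVE", a 4-digit year, then 4 or more digits. Tools vary in case/separator.
CVE_RE = re.compile(r"\bCVE[-_](\d{4})[-_](\d{4,})\b", re.IGNORECASE)

# Constructed sample output from two hypothetical scanners with their own finding IDs.
SCANNER_A = [
    {"id": "A-1001", "host": "web01", "title": "OpenFoo RCE (cve-2099-0001)"},
    {"id": "A-1002", "host": "db01", "title": "BarDB auth bypass CVE-2099-12345"},
]
SCANNER_B = [
    {"plugin": 77, "asset": "web01", "refs": "CVE_2099_0001, CVE-2099-0002"},
    {"plugin": 78, "asset": "db01", "refs": "vendor advisory only"},  # no CVE: not correlated
]
# Constructed CVSS base scores standing in for an NVD lookup.
SCORES = {"CVE-2099-0001": 9.8, "CVE-2099-0002": 5.3, "CVE-2099-12345": 7.5}

def normalize(text):
    """Return canonical CVE IDs found in free text, in order, without duplicates."""
    found = []
    for year, seq in CVE_RE.findall(text):
        cve = f"CVE-{year}-{seq}"
        if cve not in found:
            found.append(cve)
    return found

def severity(score):
    """Map a CVSS v3.x base score to its qualitative rating."""
    if score is None:
        return "UNSCORED"
    for floor, label in ((9.0, "CRITICAL"), (7.0, "HIGH"), (4.0, "MEDIUM"), (0.1, "LOW")):
        if score >= floor:
            return label
    return "NONE"

def correlate(a_findings, b_findings, scores):
    """Merge both tools' findings keyed by (host, CVE), highest CVSS score first."""
    merged = {}
    for f in a_findings:
        for cve in normalize(f["title"]):
            merged.setdefault((f["host"], cve), set()).add("A")
    for f in b_findings:
        for cve in normalize(f["refs"]):
            merged.setdefault((f["asset"], cve), set()).add("B")
    rows = [(h, c, scores.get(c), severity(scores.get(c)), sorted(t)) for (h, c), t in merged.items()]
    return sorted(rows, key=lambda r: (-(r[2] or 0.0), r[0], r[1]))

if __name__ == "__main__":
    for row in correlate(SCANNER_A, SCANNER_B, SCORES):
        print(row)
```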