Vulnerability details
From a vulnerability's details page, view information about a specific cybersecurity flaw associated with a Common Vulnerabilities and Exposures (CVE) number. To access the page, go to the Vulnerabilities page and select a CVE number from the Vulnerabilities instances table.
Vulnerability overview
At the top of the page, view details about the vulnerability from the National Vulnerability Database (NVD).
The U.S. National Institute of Standards and Technology, part of the U.S. Department of Commerce, maintains the database.
Vulnerability overview fields
| Name | Description |
|---|---|
| CVE description | Explanation from the NVD of the vulnerability and how attackers could exploit it. |
| CVSS severity | Common Vulnerability Scoring System (CVSS) severity rating for the vulnerability. |
| CVSS score | Common Vulnerability Scoring System (CVSS) base severity score calculated by National Vulnerability Database (NVD) analysts. |
| NIST details | Link to the vulnerability's detail page in the NVD. |
Impact level graph
Under Impact level, view how an attack from this vulnerability could potentially disrupt your organization based on metrics that factor into the overall CVSS score.
For each of the following metrics, the graph displays whether the impact would be high, low, or have no impact.
-
Attack simplicity: The conditions beyond a threat actor's control that must exist in order to exploit the vulnerability, such as system configuration settings.
-
Strike distance: How far from a service a threat actor can be to exploit the vulnerability. If exploitation requires physical access or a local account, the vulnerability receives a lower score than a vulnerability that is remotely exploitable.
-
Confidentiality impact: Impact to confidential data if the system is exploited.
-
Integrity impact: Whether exploitation of the vulnerability could result in the modification of system files.
-
Availability impact: Whether exploitation of the vulnerability could consume network resources that would affect the availability of the system.
IP addresses with vulnerability
The IP addresses with vulnerability table includes the IP addresses running service, product, and version combinations associated with the vulnerability. For each IP address, the table also lists the port the combination runs on.
For information about table options, see Tables.
Columns and filters
-
To add or remove information in the table, select Columns and choose the columns to view.
-
To view and manage IP addresses that meet specific criteria, such as services running on a specific port, select Filters and then select how to narrow the data.
| Name | Description |
|---|---|
| IP address | IPv4 or IPv6 address running the service, product, and version combination associated with the vulnerability. Select the IP address to open its details page. For more information, see IP address details. |
| Port | Port running the service, product, and version combination associated with the vulnerability. |
| Service | Name of the service associated with the vulnerability. |
| Product | Name of the product associated with the vulnerability. |
| Version | Version of the product associated with the vulnerability. |
| Organization | Filter for finding IP addresses with the vulnerability associated with an organization from your hierarchy. |