Vulnerabilities in the software of configuration items

With Vulnerability Response, compare vulnerability-related data pulled from internal and external sources to vulnerable resources and software identified in the Software Asset module. If a vulnerability is found in an asset, escalate it by creating change requests, problem records, and security incident records (if Security Incident Response is activated).

Manage vulnerable items individually, or grouped by the vulnerability. Each vulnerability is represented by a vulnerability entry in the library, from the NVD, or a third-party source.

Use Common Weakness Enumeration (CWE) records downloaded from the CWE database for reference when deciding whether a vulnerability must be escalated. Each CWE record also includes an associated knowledge article that describes the weakness. You cannot escalate a vulnerability from the Common Weakness Enumerations page. This page is for reference only.