Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

Identify vulnerable items

Log in to subscribe to topics and get notified when content changes.

Identify vulnerable items

When CVE-ID records are downloaded from the NIST NVD, they are compared to the software in your company network as identified by the Software Asset discovery model. When a CVE-ID matches vulnerable software or CIs in your network, a vulnerable item is created. You use the information in the CVE-ID record to decide whether to escalate the vulnerable item for remediation.

Before you begin

Role required: sn_vul.vulnerability_write


  1. Navigate to Vulnerability > Libraries > NVD.
    A list of Common Vulnerability and Exposures (CVE)-IDs that were downloaded from the NVD is shown. Updates from the NVD can be performed on-demand or using a scheduled job.
  2. Click a CVE record to view the following information:
    • a summary for the CVE-ID.
    • a reference to a Common Weakness Enumeration (CWE) entry, if applicable.
    • the vulnerability score of the CVE-ID on the Common Vulnerability Scoring System (CVSS). For more information on the CVSS, see the National Vulnerability Database website.
  3. Click the following related lists to get more information for identifying vulnerabilities.
    Related listDescription
    Vulnerable Items Lists any vulnerable items. These items are records created by the matching of vulnerable entries downloaded from the NIST NVD and vulnerable software or CIs in your network. For more information about a vulnerable item, click the information icon ("i" icon).
    Note: If software in your network is reported as being removed or patched to remediate a vulnerability, any associated vulnerable items are closed and removed from the Vulnerable Items related list.
    Vulnerable Software Lists the vulnerable software returned from the NVD. You can use this information to match the NVD software to your Software Asset Management discovery model. For more information, see Identify and escalate security issues in vulnerable software.
    Vulnerability References Lists vulnerability reference information for the selected CVE record.
    If vulnerabilities were identified and vulnerable items were created, you can remediate them, as needed.