Vulnerabilities in the software of configuration items

You can compare vulnerability-related data, pulled from internal and external sources, to vulnerable resources and software identified in the Software Asset module using Vulnerability Response. If a vulnerability is found in an asset, escalate it by creating change requests, problem records, and security incident records (if Security Incident Response is activated).

Manage vulnerable items individually, grouped by the vulnerability, or grouped by CI. Each vulnerability is represented by a vulnerability entry in the library, from the NVD, or a third-party source.

Use Common Weakness Enumeration (CWE) records downloaded from the CWE database for reference when deciding whether a vulnerability must be escalated. Each CWE record also includes an associated knowledge article that describes the weakness. You cannot escalate a vulnerability from the Common Weakness Enumerations page. This page is for reference only.