Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

Manage NVD, CWE, and Third-party data import

Manage NVD, CWE, and Third-party data import

Vulnerability data can be imported from the NVD, CWE, or third-parties and used to decide whether to escalate a vulnerable item. You can update NVD records on-demand or configure a scheduled job to update them or CWE regularly. If needed, you can create third-party vulnerability entries manually. Vulnerability Response stores them under Libraries.

The Vulnerable items in your system are grouped, but can be managed individually. Each vulnerability is represented by a vulnerability entry in the library, from the NVD, or a third-party source.

The following libraries are available:
Libraries Description
NVD List of vulnerabilities found by NVD and includes security checklists, security-related software flaws, misconfigurations, product names, and impact metrics.
CWE

List of community-developed software weakness types.

Each CWE record also includes an associated knowledge article that describes the weakness. You cannot escalate a vulnerability from the Common Weakness Enumerations screen, it is for reference only.

Third-party List of third-party vulnerable software in your instance. Contains a related list of CVEs.
Vulnerable Software List of all vulnerable software in your instance.