Vulnerability Response asset discovery Vulnerability data can be imported from internal and external sources, such as the NVD, CWE, and third-party integrations. You can compare vulnerability data to CIs and software identified in the Asset Management module. You can do the following: Compare vulnerability-related data, if a vulnerability is found in an asset. Escalate it by creating change requests, problem records, and security incident records (if Security Incident Response is activated). Manage vulnerable items individually, grouped by the vulnerability or CI. Each vulnerability is represented by a vulnerability entry in the library, from the NVD, or a third-party source. Multiple CVEs can be related to a single third-party vulnerability. Use Common Weakness Enumeration (CWE) records downloaded from the CWE database for reference when deciding whether a vulnerability must be escalated. Each CWE record also includes an associated knowledge article that describes the weakness. You cannot escalate a vulnerability from the Common Weakness Enumerations page. That page is for reference only.