Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

Identify and escalate security issues using NVD

Identify and escalate security issues using NVD

When CVE-ID records are downloaded from the NIST NVD, they are compared to the software in your company network as identified by the Software Asset discovery model. When a CVE-ID matches vulnerable software or CIs in your network, a vulnerable item is created. You use the information in the CVE-ID record to decide whether to escalate the vulnerable item for remediation.

Before you begin

Role required: sn_vul.vulnerability_write

Procedure

  1. Navigate to Vulnerability > Libraries > NVD.
    A list of Common Vulnerability and Exposures (CVE)-IDs that were downloaded from the NVD is shown. Updates from the NVD can be performed on-demand or using a scheduled job.
  2. Click a CVE record to view the following information:
    • a summary for the CVE-ID.
    • a reference to a Common Weakness Enumeration (CWE) entry, if applicable.
    • the vulnerability score of the CVE-ID on the Common Vulnerability Scoring System (CVSS). For more information on the CVSS, see the National Vulnerability Database website.
  3. Click the following related lists to get more information for identifying vulnerabilities.
    Related listDescription
    Vulnerable Items Lists any vulnerable items, which consist of pairings of potentially vulnerable CIs and software. To get more information about a pairing, click the information icon (information icon).
    Note: If software is removed, any associated vulnerable items are closed and removed from the Vulnerable Items related list.
    Vulnerability Entries Lists vulnerability entries for the selected software record. Click a record to view its details.
    If vulnerabilities were identified and vulnerable items were created, you can Remediate vulnerable groups, as needed.