Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

Create a vulnerability

Create a vulnerability

Vulnerabilities are created automatically when records are downloaded from the NIST NVD and stored under Libraries in Vulnerability Response. There are cases, like physical security vulnerabilities, when you may want to manually add vulnerable item records.

Before you begin

Role required: sn_vul.vulnerability_write

Procedure

  1. Navigate to Vulnerability > Vulnerabilities > Vulnerable Items.
  2. Click New.
  3. Fill in the empty fields, Configuration item (if there is one), Source and so on.
  4. In the Vulnerability tab, click on Search icon for Vulnerability.
  5. If you already have a vulnerability entry listed, select it. Otherwise, click New in the Vulnerability Entries form.
    A pop-up window appears.
  6. Fill in the fields on the Vulnerability Entries form, as appropriate.
    Field Description
    ID Enter an identifier for this vulnerability entry. This label for the vulnerability entry must be unique.
    CWE entry Add a reference to the Common Weakness Enumeration element that this vulnerability best fits into.
    Source Enter an origin for the vulnerability — whether a scanner or physical test.
    Remediation type Choose the type of remediation action required.
    Choices are:
    • Patch
    • Configuration change
    • Patch and Configuration change
    • Countermeasure
    Public Exploit Determine whether there are public exploits of this vulnerability.
    Choices are:
    • Yes
    • No
    • Unknown
    Active Exploit Determine whether there is an active exploit of this vulnerability.
    Choices are:
    • Yes
    • No
    • Unknown
    Date published Enter the date the vulnerability was published.
    Last modified Enter the date the vulnerability was modified.
    Summary Add text description of the vulnerability.
    Threat Add text to describe the threat from this vulnerability.
    Solution Add text to describe the remediation.
  7. Enter information in the following sections, as needed.
    Tab Description
    Common Vulnerability Scoring System
    Vulnerability score The degree of severity of this vulnerability. Typically 1–10, with 10 being highest. Automatically calculated.
    Score generated The date the vulnerability score was calculated.
    Access vector

    The method of access used by exploits of this vulnerability.

    Choices are:
    • None
    • Adjacent network
    • Network
    • Local
    Access complexity

    How difficult it is to exploit this vulnerability.

    Choices are:
    • None
    • 3 — Low
    • 2 — Medium
    • 1 — High
    Confidentiality impact

    The degree of impact on confidentiality of the compromised system.

    Choices are:
    • None
    • Partial
    • Complete
    Integrity impact

    The degree of impact on the integrity of the compromised system.

    Choices are:
    • None
    • Partial
    • Complete
    Availability impact

    The degree of impact on the availability of the compromised system.

    Choices are:
    • None
    • Partial
    • Complete
    Authentication

    Number of times the user must authenticate to a target to exploit a targeted system.

    Choices are:
    • None
    • Single instance
    • Multiple instances
    Vulnerability entry form
  8. Click Submit on the Vulnerability Entry form.
    When you submit the vulnerability, its data is incorporated into the vulnerable item form.
  9. Click Submit on the Vulnerable Item form to create the new vulnerable item.