Vulnerability data can be imported from the National Vulnerability Database (NVD),
Common Weakness Enumeration (CWE), or third-parties and used to decide whether to escalate a
vulnerability group. Once imported, you can update NVD records on-demand or configure a
scheduled job to update them or CWE regularly. Vulnerability Response stores them under
The Common Vulnerability Scoring System (CVSS), included in NVD and third-party entries,
captures the main characteristics of a vulnerability.Vulnerability Response uses CVSS data to
produce a normalized value reflecting vulnerability severity. When the severity is computed,
the vulnerability provides a better understanding of the risk posed by this vulnerability to
your organization. Severity helps you assess and prioritize vulnerability remediation.
If this is your first installation of Vulnerability Response, perform an
initial import of CWE, and then NVD records when you configure your scheduled jobs. See Configure the scheduled job for updating CWE records and Configure the scheduled job for updating NVD records for more
By default, NVD and third-party data libraries are updated as scheduled jobs.
Version 7.0: These jobs are enabled by default.
Version 8.0: By default, all data feeds for NVD
Auto-update are disabled. To enable the feeds you want, see Configure the scheduled job for updating NVD records.
CWE updates are On Demand, by default, and must be enabled for a
scheduled job. See Configure the scheduled job for updating CWE records.
The Vulnerable items in your system are grouped and are usually managed in bulk, but can be
managed individually. Each vulnerability is represented by a vulnerability entry in the
library, from the NVD, or a third-party source. For information on the vulnerability entry
fields, see Vulnerability fields.
The following libraries are available:
||List of vulnerabilities found by NVD and includes security checklists,
security-related software flaws, misconfigurations, product names, and impact metrics
List of community-developed software weakness types.
Each CWE record also includes an associated knowledge article that describes the
weakness. You cannot escalate a vulnerability from the Common Weakness Enumerations
screen, it is for reference only.
||List of imported third-party vulnerabilities in your instance. Contains a list of
related references, vulnerable items, exploits, and CVEs.
||List of all vulnerable software in your instance.