Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.

Configure and manage NVD, CWE, and third-party data libraries

Log in to subscribe to topics and get notified when content changes.

Configure and manage NVD, CWE, and third-party data libraries

Vulnerability data can be imported from the National Vulnerability Database (NVD), Common Weakness Enumeration (CWE), or third-parties and used to decide whether to escalate a vulnerability group. Once imported, you can update NVD records on-demand or configure a scheduled job to update them or CWE regularly. Vulnerability Response stores them under Libraries.

The Common Vulnerability Scoring System (CVSS), included in NVD and third-party entries, captures the main characteristics of a vulnerability.Vulnerability Response uses CVSS data to produce a normalized value reflecting vulnerability severity. When the severity is computed, the vulnerability provides a better understanding of the risk posed by this vulnerability to your organization. Severity helps you assess and prioritize vulnerability remediation.

If this is your first installation of Vulnerability Response, perform an initial import of CWE, and then NVD records when you configure your scheduled jobs. See Configure the scheduled job for updating CWE records and Configure the scheduled job for updating NVD records for more information.

By default, NVD and third-party data libraries are updated as scheduled jobs and all data feeds for NVD Auto-update are disabled. To enable the feeds you want, see Configure the scheduled job for updating NVD records.

CWE updates are On Demand, by default, and must be enabled for a scheduled job. See Configure the scheduled job for updating CWE records.

The Vulnerable items in your system are grouped and are usually managed in bulk, but can be managed individually. Each vulnerability is represented by a vulnerability entry in the library, from the NVD, or a third-party source. For information on the vulnerability entry fields, see Vulnerability fields.

The following libraries are available:
Libraries Description
NVD List of vulnerabilities found by NVD and includes security checklists, security-related software flaws, misconfigurations, product names, and impact metrics including exploits.
CWE

List of community-developed software weakness types.

Each CWE record also includes an associated knowledge article that describes the weakness. You cannot escalate a vulnerability from the Common Weakness Enumerations screen, it is for reference only.

Third-party List of imported third-party vulnerabilities in your instance. Contains a list of related references, vulnerable items, exploits, and CVEs.
Vulnerable Software List of all vulnerable software in your instance.
Feedback