Home Orlando Security Incident Management Security Operations Vulnerability Response Supported applications and setup for Vulnerability Response Additional Vulnerability Response setup tasks Configure and manage NVD, CWE, and third-party data libraries View Vulnerability Response vulnerability libraries Vulnerability Response vulnerability form fields

Vulnerability Response vulnerability form fields

Vulnerabilities are created automatically when records are downloaded from the National Vulnerability Database (NVD), Common Weakness Enumeration (CWE), or third-party integrations and stored under Libraries in Vulnerability Response.

NVD entry fields

The imported fields in this table are read-only. Vulnerable Items (VIs), Vulnerable Software, and Vulnerability References are automatically associated and entries can be manually added.


Field	Description
ID	Identifier for this vulnerability entry.
Risk rating	(Hidden when no VIs are associated with the vulnerability) Quantified Risk Score separating vulnerable items into Critical, High, Medium, Low, and None. For more information on risk ratings, see Vulnerability Response calculators and vulnerability calculator rules. Note: This base Risk rating is not the same as the Solution record Risk rating.
Risk score	(Hidden when no VIs are associated with the vulnerability) Calculated amount of risk the vulnerable item poses to your environment. Note: This base Risk score is not the same as the Solution record Risk score. For more information, see Vulnerability Response calculators and vulnerability calculator rules.
Severity	Normalized degree of severity of this vulnerability. Severity maps are provided for NVD and with ServiceNow third-party integrations. For more information on creating or adjusting severity maps, see Create a Vulnerability Response severity map.
Exploit exists	Yes, if at least one exploit is associated with this vulnerability.
Exploit skill level	Lowest skill level required to exploit this vulnerability.
Exploit attack vector	Most vulnerable attack vector of the exploits for this vulnerability. Available when SAM NVD is enabled.
Active VIs	(Hidden when no VIs are associated with the vulnerability) Number of vulnerable items associated with this vulnerability, not in the Closed state. If there are no active VIs for this vulnerability, Risk Rating and Risk Score are not displayed.
CWE entry	Reference to the Common Weakness Enumeration element that this vulnerability best fits into.
Date published	Date the vulnerability was published.
Last modified	Date the vulnerability was last modified.
Summary	Description of the vulnerability.
Vulnerability Details
CVSS v2	Imported CVSS v2 data
CVSS v3	Imported CVSS v3 data, not available prior to 2015.
Preferred solution	(Hidden when no VIs are associated with the vulnerability) Solution of the highest-supersedence in the chain, derived from the solutions referenced in the vulnerability. If more than one highest-supersedence exists in the chain, no value is set. Any value set manually can be overwritten on subsequent imports. Setting this value manually should be done on the vulnerable item.
Remediation Status (Hidden when no VIs are associated with the vulnerability)
Excludes Deferred
Vulnerable items	Number of active vulnerable items with this vulnerability. This count excludes deferred vulnerable items.
Total VIs	Total number of vulnerable items with this vulnerability. This count excludes deferred vulnerable items.
%VIs remediated	Percent complete for remediation of vulnerable items with this vulnerability. This count excludes deferred vulnerable items.
Includes Deferred
Vulnerable items	Number of active vulnerable items with this vulnerability.
Total VIs	Total number of vulnerable items with this vulnerability.
%VIs remediated	Percent complete for remediation of vulnerable items with this vulnerability.
Related Links
Force software vulnerability import	Re-calculates product mapping with ITSM Software Asset Management based on information from NVD. Updates the Vulnerable Software library.
Version 10.0: Update status	Displays date and time of the last update. Updates the following: Vulnerability group state Risk score and rating Metrics such as Active VIs, Total VIs from the Remediation Status section
Related Lists
Vulnerable Items	(Hidden when no VIs are associated with the vulnerability) Vulnerable items associated with this vulnerability.
Vulnerability References	Information about the vulnerability from external sources, cited by NVD.
Exploits	Exploits associated with this vulnerability.
Solutions	(Hidden when no VIs are associated with the vulnerability) All Vulnerability Solution Management integration solutions associated with this vulnerability.

CWE vulnerability entry fields

The imported fields in this table are read-only.


Field	Description
CWE-ID	Identifier for this vulnerability entry.
Description	Description of the vulnerability.
Knowledge article	Knowledge base article associated with this vulnerability.
Name	Descriptive name assigned to this CWE-ID.

Third-party vulnerability entry fields

The imported fields in this table are read-only.


Field	Description
ID	Identifier for this vulnerability entry.
Source	Origin of the vulnerability — whether a scanner or physical test.
Risk rating	Quantified Risk Score separating vulnerable items into Critical, High, Medium, Low and None. For more information on risk ratings see, Vulnerability Response calculators and vulnerability calculator rules. Note: This base Risk rating is not the same as the Solution record Risk rating
Risk score	Calculated amount of risk the vulnerable item poses to your environment, based on risk score. Note: This base Risk score is not the same as the Solution record Risk score. For more information, see Vulnerability Response calculators and vulnerability calculator rules.
Severity	Normalized degree of severity of this vulnerability. Severity maps are provided for NVD and with ServiceNow third-party integrations. For more information on creating or adjusting severity maps, see Create a Vulnerability Response severity map.
Exploit exists	Yes, if at least one exploit is associated with this vulnerability.
Exploit skill level	Lowest skill level required to exploit this vulnerability.
Exploit attack vector	Most vulnerable attack vector of the exploits for this vulnerability.
Active VIs	Number of vulnerable items associated with this vulnerability, not in the Closed state.
Category	Classification provided by the third-party integration. Aids in assignment.
Remediation type	Types of remediation actions. Patch Configuration change Patch and Configuration change Countermeasure
CWE entry	Reference to the Common Weakness Enumeration element that this vulnerability best fits into.
PCI	When the checkbox is selected, the vulnerability is flagged for significant risk for exposure of payment information.
PCI severity	Level of risk for exposure of payment information. [Qualys only.]
Date published	Date the vulnerability was published.
Last modified	Date the vulnerability was last modified.
Summary	Description of the vulnerability.
Vulnerability Details
CVSS v2	Imported CVSS v2 data
CVSS v3	Imported CVSS v3 data, not available prior to 2015.
Threat	Description of the threat from this vulnerability.
Preferred Solution	Solution of the highest-supersedence in the chain, derived from the solutions referenced in the vulnerability. If more than one highest-supersedence exists in the chain, no value is set. Any value set manually can be overwritten on subsequent imports. Setting this value manually should be done on the vulnerable item.
Remediation notes	Description of the remediation solution pulled from the vendor.
Remediation Status
Excludes Deferred
Vulnerable items	Number of active vulnerable items with this vulnerability. This count excludes deferred vulnerable items.
Total VIs	Total number of vulnerable items with this vulnerability. This count excludes deferred vulnerable items.
%VIs remediated	Percent complete for remediation of vulnerable items with this vulnerability. This count excludes deferred vulnerable items.
Includes Deferred
Vulnerable items	Number of active vulnerable items with this vulnerability.
Total VIs	Total number of vulnerable items with this vulnerability.
%VIs remediated	Percent complete for remediation of vulnerable items with this vulnerability.
Related Links
Version 10.0: Update status	Displays date and time of the last update. Updates the following: Vulnerability group state Risk score and rating Metrics such as Active VIs, Total VIs from the Remediation Status section
Related Lists
Vulnerable Items	Vulnerable items associated with this vulnerability.
Vulnerability References	Information about the vulnerability from external sources, cited by NVD.
CVEs	Common Vulnerability Enumeration (CVE) record associated with this vulnerability.
Categories	Categories associated with this vulnerability.
Exploits	Exploits associated with this vulnerability.
Vulnerability Malware Kits	Malware kits associated with this vulnerability.
Solutions (Rapid7)	Solution information from the Rapid7 solution integrations. Displayed when available.
Exploit Frameworks	Exploit frameworks associated with this vulnerability.
Solutions	Vulnerability Solution Managementsolutions associated with this vulnerability.

Previous topic

Next topic

Release version

Vulnerability Response vulnerability form fields

NVD entry fields

The imported fields in this table are read-only. Vulnerable Items (VIs), Vulnerable Software, and Vulnerability References are automatically associated and entries can be manually added.


Field	Description
ID	Identifier for this vulnerability entry.
Risk rating	(Hidden when no VIs are associated with the vulnerability) Quantified Risk Score separating vulnerable items into Critical, High, Medium, Low, and None. For more information on risk ratings, see Vulnerability Response calculators and vulnerability calculator rules. Note: This base Risk rating is not the same as the Solution record Risk rating.
Risk score	(Hidden when no VIs are associated with the vulnerability) Calculated amount of risk the vulnerable item poses to your environment. Note: This base Risk score is not the same as the Solution record Risk score. For more information, see Vulnerability Response calculators and vulnerability calculator rules.
Severity	Normalized degree of severity of this vulnerability. Severity maps are provided for NVD and with ServiceNow third-party integrations. For more information on creating or adjusting severity maps, see Create a Vulnerability Response severity map.
Exploit exists	Yes, if at least one exploit is associated with this vulnerability.
Exploit skill level	Lowest skill level required to exploit this vulnerability.
Exploit attack vector	Most vulnerable attack vector of the exploits for this vulnerability. Available when SAM NVD is enabled.
Active VIs	(Hidden when no VIs are associated with the vulnerability) Number of vulnerable items associated with this vulnerability, not in the Closed state. If there are no active VIs for this vulnerability, Risk Rating and Risk Score are not displayed.
CWE entry	Reference to the Common Weakness Enumeration element that this vulnerability best fits into.
Date published	Date the vulnerability was published.
Last modified	Date the vulnerability was last modified.
Summary	Description of the vulnerability.
Vulnerability Details
CVSS v2	Imported CVSS v2 data
CVSS v3	Imported CVSS v3 data, not available prior to 2015.
Preferred solution	(Hidden when no VIs are associated with the vulnerability) Solution of the highest-supersedence in the chain, derived from the solutions referenced in the vulnerability. If more than one highest-supersedence exists in the chain, no value is set. Any value set manually can be overwritten on subsequent imports. Setting this value manually should be done on the vulnerable item.
Remediation Status (Hidden when no VIs are associated with the vulnerability)
Excludes Deferred
Vulnerable items	Number of active vulnerable items with this vulnerability. This count excludes deferred vulnerable items.
Total VIs	Total number of vulnerable items with this vulnerability. This count excludes deferred vulnerable items.
%VIs remediated	Percent complete for remediation of vulnerable items with this vulnerability. This count excludes deferred vulnerable items.
Includes Deferred
Vulnerable items	Number of active vulnerable items with this vulnerability.
Total VIs	Total number of vulnerable items with this vulnerability.
%VIs remediated	Percent complete for remediation of vulnerable items with this vulnerability.
Related Links
Force software vulnerability import	Re-calculates product mapping with ITSM Software Asset Management based on information from NVD. Updates the Vulnerable Software library.
Version 10.0: Update status	Displays date and time of the last update. Updates the following: Vulnerability group state Risk score and rating Metrics such as Active VIs, Total VIs from the Remediation Status section
Related Lists
Vulnerable Items	(Hidden when no VIs are associated with the vulnerability) Vulnerable items associated with this vulnerability.
Vulnerability References	Information about the vulnerability from external sources, cited by NVD.
Exploits	Exploits associated with this vulnerability.
Solutions	(Hidden when no VIs are associated with the vulnerability) All Vulnerability Solution Management integration solutions associated with this vulnerability.

CWE vulnerability entry fields

The imported fields in this table are read-only.


Field	Description
CWE-ID	Identifier for this vulnerability entry.
Description	Description of the vulnerability.
Knowledge article	Knowledge base article associated with this vulnerability.
Name	Descriptive name assigned to this CWE-ID.

Third-party vulnerability entry fields

The imported fields in this table are read-only.


Field	Description
ID	Identifier for this vulnerability entry.
Source	Origin of the vulnerability — whether a scanner or physical test.
Risk rating	Quantified Risk Score separating vulnerable items into Critical, High, Medium, Low and None. For more information on risk ratings see, Vulnerability Response calculators and vulnerability calculator rules. Note: This base Risk rating is not the same as the Solution record Risk rating
Risk score	Calculated amount of risk the vulnerable item poses to your environment, based on risk score. Note: This base Risk score is not the same as the Solution record Risk score. For more information, see Vulnerability Response calculators and vulnerability calculator rules.
Severity	Normalized degree of severity of this vulnerability. Severity maps are provided for NVD and with ServiceNow third-party integrations. For more information on creating or adjusting severity maps, see Create a Vulnerability Response severity map.
Exploit exists	Yes, if at least one exploit is associated with this vulnerability.
Exploit skill level	Lowest skill level required to exploit this vulnerability.
Exploit attack vector	Most vulnerable attack vector of the exploits for this vulnerability.
Active VIs	Number of vulnerable items associated with this vulnerability, not in the Closed state.
Category	Classification provided by the third-party integration. Aids in assignment.
Remediation type	Types of remediation actions. Patch Configuration change Patch and Configuration change Countermeasure
CWE entry	Reference to the Common Weakness Enumeration element that this vulnerability best fits into.
PCI	When the checkbox is selected, the vulnerability is flagged for significant risk for exposure of payment information.
PCI severity	Level of risk for exposure of payment information. [Qualys only.]
Date published	Date the vulnerability was published.
Last modified	Date the vulnerability was last modified.
Summary	Description of the vulnerability.
Vulnerability Details
CVSS v2	Imported CVSS v2 data
CVSS v3	Imported CVSS v3 data, not available prior to 2015.
Threat	Description of the threat from this vulnerability.
Preferred Solution	Solution of the highest-supersedence in the chain, derived from the solutions referenced in the vulnerability. If more than one highest-supersedence exists in the chain, no value is set. Any value set manually can be overwritten on subsequent imports. Setting this value manually should be done on the vulnerable item.
Remediation notes	Description of the remediation solution pulled from the vendor.
Remediation Status
Excludes Deferred
Vulnerable items	Number of active vulnerable items with this vulnerability. This count excludes deferred vulnerable items.
Total VIs	Total number of vulnerable items with this vulnerability. This count excludes deferred vulnerable items.
%VIs remediated	Percent complete for remediation of vulnerable items with this vulnerability. This count excludes deferred vulnerable items.
Includes Deferred
Vulnerable items	Number of active vulnerable items with this vulnerability.
Total VIs	Total number of vulnerable items with this vulnerability.
%VIs remediated	Percent complete for remediation of vulnerable items with this vulnerability.
Related Links
Version 10.0: Update status	Displays date and time of the last update. Updates the following: Vulnerability group state Risk score and rating Metrics such as Active VIs, Total VIs from the Remediation Status section
Related Lists
Vulnerable Items	Vulnerable items associated with this vulnerability.
Vulnerability References	Information about the vulnerability from external sources, cited by NVD.
CVEs	Common Vulnerability Enumeration (CVE) record associated with this vulnerability.
Categories	Categories associated with this vulnerability.
Exploits	Exploits associated with this vulnerability.
Vulnerability Malware Kits	Malware kits associated with this vulnerability.
Solutions (Rapid7)	Solution information from the Rapid7 solution integrations. Displayed when available.
Exploit Frameworks	Exploit frameworks associated with this vulnerability.
Solutions	Vulnerability Solution Managementsolutions associated with this vulnerability.

How search works:

Topics are ranked in search results by how closely they match your search terms

Vulnerability Response vulnerability form fields

Vulnerability Response vulnerability form fields

NVD entry fields

CWE vulnerability entry fields

Third-party vulnerability entry fields

On this page

Vulnerability Response vulnerability form fields

Vulnerability Response vulnerability form fields

NVD entry fields

CWE vulnerability entry fields

Third-party vulnerability entry fields

Log in to personalize your search results and subscribe to topics