Vulnerability data can be imported from the National Vulnerability Database (NVD),
Common Weakness Enumeration (CWE), or third parties and used to decide whether to escalate a
vulnerability group. Once the data is imported, you can update NVD records on demand or
configure a scheduled job to update NVD or CWE records regularly. Vulnerability Response
stores them under Libraries.
The Common Vulnerability Scoring System (CVSS), included in NVD and third-party entries,
captures the main characteristics of a vulnerability. Vulnerability Response uses CVSS data to
produce a normalized value reflecting vulnerability severity. Once the severity is computed,
you have a better understanding of the risk the vulnerability poses to your organization.
Severity helps you assess and prioritize vulnerability remediation.
If this is your first installation of Vulnerability Response, perform an initial import of
CWE records, and then of NVD records, when you configure your scheduled jobs. For more
information, see Configure the scheduled job for updating CWE records and, prior to
Vulnerability Response v13.0, Configure the scheduled job for updating NVD records (Prior to
v13.0).
By default, prior to v13.0, all data feeds for NVD Auto-update are
disabled. To enable the feeds you want, see Configure the scheduled job for updating NVD records (Prior to v13.0).
Starting with v13.0, the NIST National Vulnerability Database
Integration - API (CVE only) integration is pre-configured and activated. It runs daily. See
or Understanding the NVD integrations for more information.
CWE updates are On Demand, by default, and must be enabled for a
scheduled job. See Configure the scheduled job for updating CWE records.
The vulnerable items in your system are grouped and are usually managed in bulk, but can be
managed individually. Each vulnerability is represented by a vulnerability entry in the
library, from the NVD, or a third-party source. For information on the vulnerability entry
fields, see Vulnerability Response vulnerability form fields.
The following libraries are available:
| Libraries | Description |
| --- | --- |
| NVD | List of vulnerabilities found by NVD. Includes security checklists, security-related software flaws, misconfigurations, product names, and impact metrics including exploits. |
| CWE | List of community-developed software weakness types. Each CWE record also includes an associated knowledge article that describes the weakness. You cannot escalate a vulnerability from the Common Weakness Enumerations screen; it is for reference only. |
| Third-party | List of imported third-party vulnerabilities in your instance. Contains a list of related references, vulnerable items, exploits, and CVEs. |
| Vulnerable Software | Deprecated: List of all vulnerable software in your instance. |