Assess the zero-day (current day) exposure of your assets to vulnerable software with the Vulnerability Exposure Assessment application.

Important: You can perform the exposure assessment by Common Vulnerabilities and Exposures (CVE) and software to leverage the additional capabilities in the Vulnerability Assessment Workspace. For more information, see Explore the Vulnerability Assessment Workspace.

Role required: admin

Compatibility and system requirements

The Vulnerability Response application is available on the ServiceNow Store. The Software Asset Management (SAM) Foundation application [com.snc.asset_management] is installed as part of the Vulnerability Response application. To verify that the SAM Foundation application is installed on your instance, navigate to System Applications > All Available Applications > All and search for com.snc.asset_management. If the application isn’t installed, select Install. For more information on SAM Foundation, see Software Asset Management Foundation plugin.

Since the Vulnerability Exposure Assessment application requires access to the asset data on your ServiceNow AI Platform® instance, the asset management applications must have data to reference. The Software Discovery Models table [cmdb_sam_sw_discovery_model] and the Software installations [cmdb_sam_sw_install] require data.

The Vulnerability Exposure Assessment application also works with either the SAM Foundation or the SAM Pro ServiceNow AI Platform® applications. The SAM Pro application is not part of the core Vulnerability Response product from the ServiceNow Store and requires a separate subscription.
Note: The SAM Pro application is required only for the Content Library which can yield better results.

Starting with v23.0 of Vulnerability Response, if you have the Pro or Enterprise subscription, you will be redirected to the Exposure Assessment page in the Workspaces based on your role upon clicking the Exposure Assessment link in the All menu:

Table 1. Accessing Exposure assessment page in the workspaces
Role Workspace
Vulnerability Manager Vulnerability Manager Workspace
Event Manager [sn_vul_analyst.vul_event_manager] or Emergency Response [sn_vul_analyst.emergency_response] Vulnerability Assessment Workspace

To avoid being redirected to the workspaces and remain on the Classic Exposure Assessment page, set the Link Type to List of Records in the Link type tab on the Module - Exposure Assessment page. You can access the Module - Exposure Assessment page by selecting the Edit Module icon next to the Exposure Assessment link in the All menu.

With the vulnerability write role [sn_vulnerability_write], you can view the Exposure Assessment module and create and edit exposure assessment records on-demand for vulnerable software in your instance with the Vulnerability Response application.