Vulnerability Response vulnerability form fields
-
- UpdatedFeb 6, 2025
- 7 minutes to read
- Yokohama
- Vulnerability Response
Vulnerabilities are created automatically when records are downloaded from the National Vulnerability Database (NVD), Common Weakness Enumeration (CWE), or third-party integrations and stored under Libraries in Vulnerability Response.
NVD entry fields
To view imported data in the fields listed in the following tables, you must have, at a minimum, the sn_vul.read_all role.
These fields are found on records listed in the National Vulnerability Database Entries [sn_vul_nvd_entry] table.
Field | Description |
---|---|
ID | Identifier for this vulnerability entry. |
Risk rating |
(Hidden when no VITs are associated with the vulnerability) Quantified Risk Score separating vulnerable items into Critical, High, Medium, Low, and None. For more information on risk ratings, see Vulnerability Response calculators and vulnerability calculator rules.
Note: This base Risk rating is not the same as the Solution record Risk rating. |
Risk score |
(Hidden when no VITs are associated with the vulnerability) Calculated amount of risk the vulnerable item poses to your environment. Note: This base Risk score is not the same as the Solution record Risk score.
For more information, see Vulnerability Response calculators and vulnerability calculator rules. |
Severity | Normalized degree of severity of this vulnerability. Severity maps are provided for NVD and with ServiceNow third-party integrations. For more information on creating or adjusting severity maps, see Create a Vulnerability Response severity map. |
Exploit exists | Yes, if at least one exploit is associated with this vulnerability. |
Exploit skill level | Lowest skill level required to exploit this vulnerability. |
Exploit attack vector |
Most vulnerable attack vector of the exploits for this vulnerability. Available when SAM NVD is enabled. |
Active VIs | (Hidden when no VITs are associated with the vulnerability) Number of vulnerable items associated with this vulnerability, not in the Closed state. If there are no active VIs for this vulnerability, Risk Rating and Risk Score are not displayed. |
CWE entry | Reference to the Common Weakness Enumeration element that this vulnerability best fits into. |
Date published | Date the vulnerability was published. |
Last modified | Date the vulnerability was last modified. |
Summary | Description of the vulnerability. |
Threat intel (starting with Vulnerability Response version 20.0) | Threat intelligence provided by Qualys. With this data, you can understand a threat actor's motives, targets and attack behaviors. |
Vulnerability Details | |
CVSS v2 | Imported CVSS v2 data |
CVSS v3 | Imported CVSS v3 data, not available prior to 2015. |
Preferred solution |
(Hidden when no VITs are associated with the vulnerability) Solution of the highest-supersedence in the chain, derived from the solutions referenced in the vulnerability. If more than one highest-supersedence exists in the chain, no value is set. Any value set manually can be overwritten on subsequent imports. Setting this value manually should be done on the vulnerable item. |
CISA Exploit
(This tab is available only when the CISA application is installed.) |
|
CISA due date | Deadline to resolve the vulnerability. |
Date added | Date when the vulnerability was added to the CISA catalog. |
Product | Product on which the vulnerability was identified. |
Vendor/Project | Vendor associated with the identified vulnerability. |
Known ransomware Starting from v21.0 of Vulnerability Response. |
Selected when the field Known To Be Used in Ransomware Campaigns is ingested from the CISA Known Exploited Vulnerabilities (KEVs) catalog. The flag is set at the Common Vulnerabilities and Exposures (CVE) level and rolled up to the third-party entry (TPE). |
Remediation Status
(Hidden when no VIs are associated with the vulnerability) |
|
Excludes Deferred | |
Vulnerable items | Number of active vulnerable items with this vulnerability. This count excludes deferred vulnerable items. |
Total VIs | Total number of vulnerable items with this vulnerability. This count excludes deferred vulnerable items. |
%VIs remediated | Percent complete for remediation of vulnerable items with this vulnerability. This count excludes deferred vulnerable items. |
Includes Deferred | |
Vulnerable items | Number of active vulnerable items with this vulnerability. |
Total VIs | Total number of vulnerable items with this vulnerability. |
%VIs remediated | Percent complete for remediation of vulnerable items with this vulnerability. |
Related Links | |
Update status |
Displays date and time of the last update. Updates the following:
|
Related Lists | |
Vulnerable Items |
(Hidden when no VITs are associated with the vulnerability) Vulnerable items associated with this vulnerability. |
Vulnerability References | Information about the vulnerability from external sources, cited by NVD. |
Exploits | Exploits associated with this vulnerability. |
Solutions |
(Hidden when no VITs are associated with the vulnerability) All Vulnerability Solution Management integration solutions associated with this vulnerability. |
Weaknesses | Imported Weakness data associated to a Common Vulnerabilities and Exposures (CVE). |
Vulnerable Software |
(Hidden when software is associated with the CVE) Imported Common Platform Enumeration (CPE) data associated with the vulnerability. |
Vulnerability Malware Kits | Malware imported from various scanner sources, for a vulnerability. |
CWE vulnerability entry fields
These fields are found on records listed in the CWEs [sn_vul_cwe] table.
Field | Description |
---|---|
CWE-ID | Identifier for this vulnerability entry. This identifier is used for both Categories and Weaknesses, and are unique between the two datasets. |
Name | Descriptive name assigned to this CWE-ID. |
Likelihood of exploit | How likely the weakness is to be exploited, on a qualitative scale. One of:
|
OWASP Top 10 Position | This vulnerability's numerical position in the OWASP top 10 list. |
SANS To 25 Position | This vulnerability's numerical position in the SAN top 25 list. |
Class | Type of weakness |
Status | One of:
|
Abstraction | One of:
|
Updated | Last time the record was updated in the instance. |
Functional areas | List of functional areas affected. For example, File Processing. Only populated for 24/862 weaknesses. |
Affected Resources | List of affected resources. For example, File or Directory. Only populated for 51/863 weaknesses. |
URL | Knowledge base article associated with this vulnerability. |
Description | Description of the vulnerability. |
Integration run | The integration run this CWE was imported in. |
Sections | |
Additional details | Software concept descriptions that further explain the weakness. Includes:
|
Detection methods | Details on how you might detect this weakness in an application. |
Modes of introduction | The phases in which the weakness is introduced for example, Implementation, Architecture and Design, and so on. |
Demonstrative examples | Code examples of the weakness with accompanying descriptions. |
Potential mitigations | Details on how to prevent the weakness, including which phase of the application lifecycle it occurs in, and effectiveness of the mitigation. |
Related Lists | |
Relationships | CWEs associated to this vulnerability. Lists relationships between this CWE and others. Can include parent/child, follows/precedes, requiredby/requires (for composite weaknesses), CanAlsoBe, PeerOf, MemberOf . |
Observed Examples | Some CVEs that are representative of this weakness. |
Common Consequences | Consequences of a successful exploit, in terms of scope and impact. For example: Scope: Confidentiality Impact: Read Application Data |
Memberships | CWE memberships with this vulnerability. |
Applicable Platforms | Platforms associated with this vulnerability. |
Application Vulnerability Entries | Other application vulnerability entries associated with one. |
External References | Information about the vulnerability from external sources. |
Third-party vulnerability entry fields
These fields are found on records listed in the Third-party Vulnerability Entries [sn_vul_third_party_entry] table.
Field | Description |
---|---|
ID | Identifier for this vulnerability entry. |
Version 16.0: CVEs | Multiple Common Vulnerability and Exposures (CVEs) associated with this third-party vulnerability. |
Source | Origin of the vulnerability — whether a scanner or physical test. |
Risk rating | Quantified Risk Score separating vulnerable items into
Critical, High, Medium, Low and None. For more information on risk ratings see,
Vulnerability Response calculators and vulnerability calculator rules. Note: This base
Risk rating is not the same as the Solution record
Risk rating |
Risk score | Calculated amount of risk the vulnerable item poses to your environment, based on
risk score.
Note: This base Risk score is not the same as
the Solution record Risk score. For more information, see Vulnerability Response calculators and vulnerability calculator rules. |
Severity | Normalized degree of severity of this vulnerability. Severity maps are provided for NVD and with ServiceNow third-party integrations. For more information on creating or adjusting severity maps, see Create a Vulnerability Response severity map. |
Exploit exists | Yes, if at least one exploit is associated with this vulnerability. |
Exploit skill level | Lowest skill level required to exploit this vulnerability. |
Exploit attack vector | Most vulnerable attack vector of the exploits for this vulnerability. |
Active VIs | Number of vulnerable items associated with this vulnerability, not in the Closed state. |
Category | Classification provided by the third-party integration. Aids in assignment. |
Remediation type | Types of remediation actions.
|
CWE entry | Reference to the Common Weakness Enumeration element that this vulnerability best fits into. |
PCI | When the checkbox is selected, the vulnerability is flagged for significant risk for exposure of payment information. |
PCI severity | Level of risk for exposure of payment information. [Qualys only.] |
Date published | Date the vulnerability was published. |
Last modified | Date the vulnerability was last modified. |
Summary | Description of the vulnerability. |
Vulnerability Details | |
CVSS v2 | Imported CVSS v2 data |
CVSS v3 | Imported CVSS v3 data, not available prior to 2015. |
Threat | Description of the threat from this vulnerability. |
Preferred Solution | Solution of the highest-supersedence in the chain, derived from the solutions referenced in the vulnerability. If more than one highest-supersedence exists in the chain, no value is set. Any value set manually can be overwritten on subsequent imports. Setting this value manually should be done on the vulnerable item. |
Remediation notes | Description of the remediation solution pulled from the vendor. |
Remediation Status | |
Excludes Deferred | |
Vulnerable items | Number of active vulnerable items with this vulnerability. This count excludes deferred vulnerable items. |
Total VIs | Total number of vulnerable items with this vulnerability. This count excludes deferred vulnerable items. |
%VIs remediated | Percent complete for remediation of vulnerable items with this vulnerability. This count excludes deferred vulnerable items. |
Includes Deferred | |
Vulnerable items | Number of active vulnerable items with this vulnerability. |
Total VIs | Total number of vulnerable items with this vulnerability. |
%VIs remediated | Percent complete for remediation of vulnerable items with this vulnerability. |
Related Links | |
Update status | Displays date and time of the last update. Updates the following:
|
Related Lists | |
Vulnerable Items | Vulnerable items associated with this vulnerability. |
Vulnerability References | Information about the vulnerability from external sources, cited by NVD. |
CVEs | Common Vulnerability Enumeration (CVE) record associated with this vulnerability. |
Categories | Categories associated with this vulnerability. |
Exploits | Exploits associated with this vulnerability. |
Vulnerability Malware Kits | Malware kits associated with this vulnerability. |
Solutions (Rapid7) | Solution information from the Rapid7 solution integrations. Displayed when available. |
Exploit Frameworks | Exploit frameworks associated with this vulnerability. |
Solutions | Vulnerability Solution Management solutions associated with this vulnerability. |
CISA Exploit | |
CISA exists | CISA exploit exists for the Third-Party Vulnerabilities Entry table. |
CISA due date | Deadline to resolve the vulnerability. |