You can view vulnerability data imported from the National Vulnerability Database (NVD), Common Weakness Enumeration (CWE), or third-parties to decide whether to escalate a remediation task.

Before you begin

Role required: sn_vul.remediation_owner

Procedure

  1. Navigate to All > Vulnerability Response > Libraries.

    For information on specific fields, see Vulnerability Response vulnerability form fields.

    The following libraries are available:
    Libraries Description
    NVD List of vulnerabilities found by NVD and includes security checklists, security-related software flaws, misconfigurations, product names, and impact metrics including exploits.
    CWE

    List of community-developed software weakness types.

    Each CWE record also includes an associated knowledge article that describes the weakness. You cannot escalate a vulnerability from the Common Weakness Enumerations screen, it is for reference only.
    Third-party List of imported third-party vulnerabilities in your instance. Contains a list of related references, vulnerable items, exploits, and CVEs.
  2. Choose a library to view vulnerabilities.
  3. Click a link in the list to open a record.

    A CVE record in the National Vulnerabilities Database Entries library. More information is available in the Related Links. After a data import, you can pick a vulnerability and explore its relationships to vulnerable items, exploits, possible solutions, potential patches, and any references to KB Articles in the HI Knowledge Base. If Vulnerability Solution Management is installed, you can view a preferred solution on NVD records if one is available.

    Example NVD vulnerability entry.