Searching by Vulnerability
You can search for a vulnerability by entering the CVE or Cx ID in the search box. If the vulnerability is cataloged in our database then results are shown giving detailed information about the nature of the threat and its severity. Also, a list of packages (and relevant versions) that are affected by the vulnerability is shown.
To search for a vulnerability:
Go to AppSec Knowledge Center > Vulnerability tab.
In the search box, enter the CVE or Cx vulnerability name. (For CVEs the format is e.g., “CVE-2021-23369”, For Cx vulnerabilities the format is e.g., “Cxeb68d52e-5509”).
Click Search.
The results are shown below the search box.
Viewing Vulnerability Results
The vulnerability results shows detailed info about the specified vulnerability. The top info pane gives general info about the vulnerability, and the separate cards below it show detailed info about various aspects of the risks posed by the vulnerability.
 |
Info Pane
 |
The following table describes the info shown in the Info pane.
Item | Description | Possible Values |
|---|---|---|
ID | The ID of the CVE or Cx listing. Click on the link to view further details on the NVD website. | e.g., CVE-2020-8840 |
CWE | The ID of the CWE listing. Click on the link to view further details on the CWE website. | e.g., 502 |
Risk Level | The severity level of the vulnerability, based on its CVSS score in the NVD. |
For more info see Severity Levels. |
Published | The date the vulnerability was published in the CVE or Cx database. | e.g., Jun 24, 2020 |
Vulnerability Details Sections
 |
The following table describes the info shown in the Vulnerability Details sections.
Item | Description |
|---|---|
Information | A description of the nature of the threat posed by the vulnerability. |
References | Links to external resources about the vulnerability. Links are given for topics such as: Advisory, Commit, Release Notes, Issue etc. |
Vulnerable Versions | Shows each package that contains the vulnerability. For each package, all affected versions are shown. Click on a package version to show additional info about the vulnerabilities contained in that package in the AppSec Knowledge Center > Package tab. |
CVSS Information | Shows the CVSS Version, Score, and Severity, as well as the components that make up the CVSS score including: Attack Vector, Confidentiality Impact, Attack Complexity, Integrity Impact, Authentication, and Availability Impact. For a full explanation of the metrics that make up the CVSS score, see section 2 of this article. The top of the pane shows the version of CVSS that provides this score. If version 2 and 3 are both available then you can click on the tabs to show results for each version. |