
Searching by Vulnerability

You can search for a vulnerability by entering its CVE or Cx ID in the search box. If the vulnerability is cataloged in our database, the results give detailed information about the nature of the threat and its severity, along with a list of the packages (and relevant versions) that are affected by the vulnerability.

To search for a vulnerability:

  1. Go to AppSec Knowledge Center > Vulnerability tab.

  2. In the search box, enter the CVE or Cx vulnerability name. For CVEs the format is, e.g., “CVE-2021-23369”; for Cx vulnerabilities the format is, e.g., “Cxeb68d52e-5509”.

  3. Click Search.

    The results are shown below the search box.

Viewing Vulnerability Results

The vulnerability results show detailed info about the specified vulnerability. The top info pane gives general info about the vulnerability, and the separate cards below it show detailed info about various aspects of the risks posed by the vulnerability.


Info Pane


The following table describes the info shown in the Info pane.

| Item | Description | Possible Values |
| --- | --- | --- |
| ID | The ID of the CVE or Cx listing. Click on the link to view further details on the NVD website. | e.g., CVE-2020-8840 |
| CWE | The ID of the CWE listing. Click on the link to view further details on the CWE website. | e.g., 502 |
| Risk Level | The severity level of the vulnerability, based on its CVSS score in the NVD. | HIGH (RED): 7.1 to 10.0; MEDIUM (ORANGE): 3.1 to 7.0; LOW (GREY): 0.0 to 3.0. For more info see Severity Levels. |
| Published | The date the vulnerability was published in the CVE or Cx database. | e.g., Jun 24, 2020 |

Vulnerability Details Sections


The following table describes the info shown in the Vulnerability Details sections.

| Item | Description |
| --- | --- |
| Information | A description of the nature of the threat posed by the vulnerability. |
| References | Links to external resources about the vulnerability. Links are given for topics such as: Advisory, Commit, Release Notes, Issue, etc. |
| Vulnerable Versions | Shows each package that contains the vulnerability. For each package, all affected versions are shown. Click on a package version to show additional info about the vulnerabilities contained in that package in the AppSec Knowledge Center > Package tab. |
| CVSS Information | Shows the CVSS Version, Score, and Severity, as well as the components that make up the CVSS score including: Attack Vector, Confidentiality Impact, Attack Complexity, Integrity Impact, Authentication, and Availability Impact. For a full explanation of the metrics that make up the CVSS score, see section 2 of this article. The top of the pane shows the version of CVSS that provides this score. If version 2 and 3 are both available then you can click on the tabs to show results for each version. |