View the Inferred CVEs for a Service

Cortex Xpanse provides information about the Inferred CVEs that may be impacting a service.
The Inferred CVEs that may impact a specific service are listed on the Services details page in Cortex Xpanse. A service can have several software packages running on it, so it is common for there to be Inferred CVEs for different products impacting a single service.
  1. Navigate to the
    Services
    tab in Cortex Xpanse.
  2. From the list of services, select a service by clicking on the relevant row.
    The Inferred CVEs column in the service list indicates how many Inferred CVEs are potentially affecting that service.
  3. On the Service details page, scroll to the
    Inferred Potential CVEs
    section, and expand the list.
    For each Inferred CVE, Cortex Xpanse provides the information listed in the following table to help you determine which of the Inferred CVEs should be addressed.
    Field
    Description
    CVE ID
    The CVE ID is linked to the CVE entry in the National Vulnerability Database
    CVSS v3 Score
    The Common Vulnerability Scoring System (CVSS) is an industry standard for assessing the severity of software security vulnerabilities. CVSS scores range from 0 to 10, with 10 being the most severe. For the specific metrics used to calculate a CVSS v3 score, see https://www.first.org/cvss/.
    N/A indicates that the CVE doesn’t have a CVSS v3 score.
    CVSS v2 Score
    The Common Vulnerability Scoring System (CVSS) is an industry standard for assessing the severity of software security vulnerabilities. CVSS scores range from 0 to 10, with 10 being the most severe. For the specific metrics used to calculate a CVSS v2 score, see https://www.first.org/cvss/.
    N/A indicates that the CVE doesn’t have a CVSS v2 score.
    Confidence
    Confidence in the CVE inference
    • High
      —An exact version match
    • Medium
      —An approximate version match
    • Low
      —A match based on product name only
    For more information about Inferred CVE match confidence, see Inferred CVEs.
    Inferred From
    Lists the product name and version information that Cortex Xpanse used to make the CVE inference.
    • Product name and version number
      —Matched on both product name and version.
    • Product name only
      —Matched on product name only because the service doesn’t advertise version information.
    • Product name and Non-version-specific CVE
      —Matched on product name only because the National Vulnerability Database CVE definition does not include version numbers.

Recommended For You