CVE record

Vulnerabilities are linked to components by their Common Vulnerabilities and Exposures (CVE) numbers, as reported in the National Vulnerability Database (NVD) maintained by the National Institute of Standards and Technology (NIST).

The CVE record provides overview information on a vulnerability, a list of affected projects, and links to references.

Overview tab

By default, the Overview tab appears and displays the following information:

  • The title bar displays the CVE number, a published date (date that NVD published the CVE), and an updated date (last modified date by NVD).

  • A description of the vulnerability.

    If there is a BDSA record, select the link to view this information.

  • The Scores and Metrics section displays the scores for the related BDSA and NVD records (if applicable), based on the Common Vulnerability Scoring System (CVSS). Select a value above the graph to view the information in the graph and details below.

    This section may also display a comparative, side-by-side graph if the vulnerability also has a BDSA record.



Note: For more information on vulnerability metrics, visit the NVD web site: https://nvd.nist.gov/vuln-metrics

Affected Projects tab

Select this tab to see a list of your projects that are affected by this vulnerability.


This tab lists all projects affected by this vulnerability:

  • Project name and version affected by this vulnerability.

  • Component name and version that contains this vulnerability.

  • Remediation status of this vulnerability. Possible values are: New, Needs review, Mitigated, Patched, Duplicate, Remediation Required, Remediation Complete, or Ignored.

  • Target date for remediating this vulnerability.

  • Actual date this vulnerability was remediated.

Select in the row of a project and select:

  • View all vulnerabilities to view all vulnerabilities affecting this project version.

  • View related files to display the Source tab filtered to the affected files.

Use this tab to remediate the vulnerability for one or more projects by origin:

  • In the row of the single project you want to remediate, do one of the following:
    • Select the Options button, select Update Remediation Plan, enter the remediation details, and click Update.

    • Select the checkbox and click Remediate. Enter the remediation details, and click Update.

  • For multiple projects that need the same remediation status, select the checkbox in each row and click Remediate. In the Bulk Remediation dialog box, enter the remediation details, and click Update.

References tab

Select the References tab to view links for additional information.


Settings tab

Use this tab to manage the global remediation for this vulnerability.