NeuVector Vulnerability database sources and CVE report information
This document (000020941) is provided subject to the disclaimer at the end of this document.
Primary sources for CVE database:
- NeuVector primarily sticks to the NVD CVSS [v2 and V3] for generating the final severity rating.
- Severity in the CVE report depends on the maximum score between v2 and v3. [>=7 -> High || <7 -> Medium]
- All sources for the CVE database are listed here - https://open-docs.neuvector.com/scanning/cve_sources#cve-database-sources
What is CVE, NVD and CVSS?
- CVE is the acronym for Common Vulnerability and Exposures and is a list of records—each containing an identification number, a description, and at least one public reference—for publicly known cybersecurity vulnerabilities. CVE Records are used in numerous cybersecurity products and services from around the world, including NVD.
- NVD is the acronym for National Vulnerability Database built upon and fully synchronized with the CVE List so that any updates to CVE appear immediately in NVD.
- CVSS is the acronym for Common Vulnerability Scoring System which provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
Vulnerability Management in NeuVector:
- All aspects of vulnerability management within NeuVector are mentioned in our documentation - https://open-docs.neuvector.com/scanning/scanning/vulnerabilities
- Common fields to understand in the severity reports are listed below:
Feed Rating: Various severity ratings from the different feeds. For example, Ubuntu --> medium/high, Red Hat --> Moderate, Important, Critical, etc.
in_base_image: In the scan result, for each vulnerability, a field "in_base_image" is added to indicate if the vuln. is in the given base image.
score: CVSS v2 score.
scorev3: CVSS v3 score.
Link: URL for the CVE reported
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:000020941
- Creation Date: 18-Jan-2023
- Modified Date:18-Jan-2023
- SUSE NeuVector
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com