CVE support

CVE (Common Vulnerabilities and Exposures) is an industry standard list that provides common names for publicly known information security vulnerabilities and exposures. This makes it easier to share data across separate databases and tools. (For more details see the CVE website at: http://cve.mitre.org/)

AppScan advisories for vulnerabilities that have been assigned a CVE ID include the reference, with a link to the description on the CVE website. (CVE IDs begin with the letters CVE for accepted vulnerabilities or CAN for candidate ones.)

You can:

  • View the CVE ID of a test result in the advisory for the test (see How to Fix tab)
  • Click on the CVE ID to link to its description on the CVE website
  • Include CVE IDs (as part of the advisory) in reports
  • See the CVE ID that is tested for by any particular test, in Test Policy view (Scan Configuration > Test Policy; see Test Policy view)
  • List all tests that have CVE IDs by searching for the CVE and CAN strings in Test Policy view
  • Search for a particular CVE by searching for its ID in Test Policy view