CVE support
CVE (Common Vulnerabilities and Exposures) is an industry standard list that provides common names for publicly known information security vulnerabilities and exposures. This makes it easier to share data across separate databases and tools. (For more details see the CVE website at: http://cve.mitre.org/)
AppScan advisories for vulnerabilities that have been assigned a CVE that include the reference, with a link to the description on the CVE website. (CVEs begin with the letters CVE for accepted vulnerabilities or CAN for candidate ones.)
You can:
- See the CVE that is tested for by any particular test, in Test Policy view (Scan Configuration > Test Policy; see Test policy and optimization)
- List all tests that have CVEs by searching for CVE abd CAN strings in Test Policy view
- Search for a particular CVE by searching for its ID in Test Policy view
- Include CVEs (as part of the advisory) in reports