How do I read and make sense of the vulnerability data?

The vulnerability details page has the following pieces of information about the vulnerability:

  • Title and Summary of the vulnerability
  • CVSS V3 and V2 scores along with the Severity – In the absence of actual CVSS score, you can use the predicted CVSS scores. These scores are predicted using ThreatWorx ATTENU8 AI engine.
  • Weaponization Risk – If the vulnerability is not known to be already weaponized or exploited in the wild, then ATTENU8 AI engine predicts the likelihood of weaponization.
  • Impacted Assets – This displays details about existing assets that are impacted by this vulnerability.
  • Published and Last Modified details
  • CWE type – Nature / Type of the vulnerability
  • There are some tabs which display additional information as below:
    • Overview – displays timeline view of the vulnerability with regards to exploit, etc.
    • Vendor Advisories – displays details about the Affected Products, Patches Released, Remediations Published and Exploits
    • Vulnerability Wheel – This depicts a comprehensive view of the vulnerability along with all of its associated advisories. You can select a specific advisory from the vulnerability wheel to view its details.
    • Affected Products – provides a list of the affected product names along with their version information.
    • Patches & Remediations | Exploits – Provides details about the available patches / remediations along with exploit information.
    • Blogs / References – provides links for further reading material and information about the vulnerability.