NeuVector Vulnerability database sources and CVE report information

This document (000020941) is provided subject to the disclaimer at the end of this document.

Situation

NeuVector users need to know which sources feed its CVE database and how to interpret the CVE report.

Resolution

Primary sources for CVE database:

 

What is CVE, NVD and CVSS?

  • CVE is the acronym for Common Vulnerabilities and Exposures and is a list of records—each containing an identification number, a description, and at least one public reference—for publicly known cybersecurity vulnerabilities. CVE Records are used in numerous cybersecurity products and services from around the world, including NVD.
  • NVD is the acronym for National Vulnerability Database, which is built upon and fully synchronized with the CVE List so that any updates to CVE appear immediately in NVD.
  • CVSS is the acronym for Common Vulnerability Scoring System which provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.

Vulnerability Management in NeuVector:

Severity: The NeuVector rating, either Medium or High, based on the higher of the two CVSS scores.
Feed Rating: The severity ratings given by the different feeds. For example, Ubuntu --> medium/high, Red Hat --> Moderate, Important, Critical, etc.
in_base_image: In the scan result, a field "in_base_image" is added to each vulnerability to indicate whether the vulnerability is in the given base image.
score: CVSS v2 score.
scorev3: CVSS v3 score.
Link: URL for the reported CVE.
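
The following sketch is an added example, not NeuVector or SUSE code. It shows one way to read the fields above from a scan result: take the higher of the two CVSS scores per finding and split findings by in_base_image. The JSON layout, the "vulnerabilities", "name", "severity", "feed_rating" and "link" key names, and the sample entries are constructed assumptions.

```python
import json

# Constructed sample; the layout and CVE names are placeholders, not real scan output.
SAMPLE_REPORT = json.loads("""
{"vulnerabilities": [
  {"name": "CVE-0000-0001", "severity": "High", "feed_rating": "Important",
   "score": 6.8, "scorev3": 8.1, "in_base_image": true,
   "link": "https://example.invalid/CVE-0000-0001"},
  {"name": "CVE-0000-0002", "severity": "Medium", "feed_rating": "medium",
   "score": 5.0, "scorev3": 0, "in_base_image": false,
   "link": "https://example.invalid/CVE-0000-0002"},
  {"name": "CVE-0000-0003", "severity": "High", "feed_rating": "Critical",
   "score": 7.5, "in_base_image": false,
   "link": "https://example.invalid/CVE-0000-0003"}
]}
""")


def effective_score(vuln):
    """Higher of the CVSS v2 and v3 scores; a missing or null score counts as 0."""
    return max(float(vuln.get("score") or 0), float(vuln.get("scorev3") or 0))


def triage(report):
    """Split findings by in_base_image and sort each group by effective score."""
    groups = {"base_image": [], "added_layers": []}
    for vuln in report.get("vulnerabilities", []):
        key = "base_image" if vuln.get("in_base_image") else "added_layers"
        groups[key].append({
            "name": vuln["name"],
            "severity": vuln.get("severity"),
            "feed_rating": vuln.get("feed_rating"),
            "effective_score": effective_score(vuln),
            "link": vuln.get("link"),
        })
    for items in groups.values():
        items.sort(key=lambda v: v["effective_score"], reverse=True)
    return groups


if __name__ == "__main__":
    for group, items in triage(SAMPLE_REPORT).items():
        print(group)
        for v in items:
            print(f"  {v['effective_score']:>4}  {v['severity']:<6} "
                  f"(feed: {v['feed_rating']})  {v['name']}  {v['link']}")
```

Findings in the base_image group are present in the given base image, while those in added_layers are not.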

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID: 000020941
  • Creation Date: 18-Jan-2023
  • Modified Date: 18-Jan-2023
    • SUSE NeuVector
