NeuVector Vulnerability database sources and CVE report information

Primary sources for CVE database:

• NeuVector primarily sticks to the NVD CVSS [v2 and V3] for generating the final severity rating.
• Severity in the CVE report depends on the maximum score between v2 and v3. [>=7 -> High || <7 -> Medium]
• All sources for the CVE database are listed here - https://open-docs.neuvector.com/scanning/cve_sources#cve-database-sources

What is CVE, NVD and CVSS?

• CVE is the acronym for Common Vulnerability and Exposures and is a list of records—each containing an identification number, a description, and at least one public reference—for publicly known cybersecurity vulnerabilities. CVE Records are used in numerous cybersecurity products and services from around the world, including NVD.
• NVD is the acronym for National Vulnerability Database built upon and fully synchronized with the CVE List so that any updates to CVE appear immediately in NVD.
• CVSS is the acronym for Common Vulnerability Scoring System which provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.

Vulnerability Management in NeuVector:

• All aspects of vulnerability management within NeuVector are mentioned in our documentation - https://open-docs.neuvector.com/scanning/scanning/vulnerabilities
• Common fields to understand in the severity reports are listed below: