Vulnerabilities

5.0 Vulnerabilities

A vulnerability is a security flaw, glitch, or weakness found in software code that could be exploited by an attacker (threat source). The Vulnerabilities page lists all the vulnerabilities that are available in SW360. The vulnerabilities are synced from SVM tools. They are listed independently, without any relation to their linked projects/components/releases.

To open the Vulnerabilities page, click on the Vulnerabilities tab in the main menu.

Sl. No.   Description
1         Quick Filter
2         Advanced Filter
3         Vulnerabilities List

5.1 Vulnerabilities List

On the Vulnerabilities page, you can view all the vulnerabilities that are available. The vulnerabilities are listed with the following information:

  1. External Id of the vulnerabilities.
  2. Title of the vulnerabilities.
  3. Weighting.
  4. Publish date: This is the date that the vulnerability was published.
  5. Last Update: This is the date that the vulnerability was last updated.

NOTE: USE TO SORT THE LIST ALPHABETICALLY OR IN ASCENDING/DESCENDING ORDER.

5.2 Quick Filter

You can use the Quick Filter to search for a vulnerability. To search for a particular vulnerability, use the type field.

5.3 Advanced Filter

The Advanced Filter dialog box allows you to search for a particular vulnerability. To search for a vulnerability, follow the procedure:

  1. Search the Vulnerability by CVE ID (Common Vulnerabilities and Exposures).
  2. Search the vulnerability by Vulnerable Configuration.

5.4 View Vulnerability

To open a view mode for a Vulnerability:

Search for the Vulnerability you want to view, or navigate to it from the Vulnerabilities list, and click on the External ID. When you click on the External ID for a vulnerability, the following information is displayed:

  • Summary
  • Metadata
  • References

NOTE: YOU CAN ONLY VIEW THE DATA AS THIS IS AN UNEDITABLE FIELD.

A. Summary

To view summary information for the vulnerability, click on Summary. You can now view the following vulnerability information:

  • Title
  • Description
  • External ID
  • Publish date
  • Last update date
  • Priority
  • Priority Text
  • Action
  • Impact
  • Legal notice: Here you can view when the vulnerability was synced and from which external SVM tool.
  • Assigned External Component IDs
  • Vendor Advisories: Here you can view the vendor and a web address to the release
  • Vulnerability Scoring (CVSS)
  • Access
  • Common Weakness Enumerations
  • Vulnerable Configurations
  • Linked releases: List of all the releases that the vulnerability is linked to.

B. Metadata (To be added)

To view metadata for the vulnerability, click on Metadata.

C. References

To view all the references for the vulnerability, click on References. This page lists all referenced websites.

Last modified March 29, 2023: upd(project): Major updates (0672702)