CVE Instances

You can view information about Common Vulnerabilities and Exposures (CVE) instances that are associated with Common Platform Enumeration (CPE) applications, including the most critical CVEs, the CVSSv3 and CVSSv2 scores, and the number of affected applications. You can easily find the computers that are affected by software in your environment.

From the top menu, click Assets> Applications, and then select the CVE Instances tab.

The table lists all CVE instances. You can use the grouping and filtering options to determine the information that is displayed, and the Find Computers button to find computers affected by a CVE instance. To view hidden CPE applications, click the check box next to Include Hidden CPE Applications.

The CVE Instances tab on the Applications page

Tip: If a CVE instance is critical, an event will have been generated, and you can view it on the Alert Instances page.

The Alert Instances page showing two Critical CVE Detected alerts

Table 1. CVE Instances Page Fields
Field	Description
`CVE ID`	The unique identification number of the CVE instance on the NIST website.
`CPEs`	The number of CPE applications which are affected by this CVE instance.
`CVSSv3 Score`	The CVSS v3 score for the CVE instance. The v3 score is used to track the vulnerability level of different findings, and has five tier levels.
`CVSSv3 Vector`	The vector associated with the CVSS v3 score.
`CWE ID`	The unique identification number of the Common Weakness Enumeration (CWE) type on the CWE list.
`CVSSv2 Score`	The CVSS v2 score for the CVE instance. The v2 score is used to track the vulnerability level of different findings, and has three tier levels.
`CVSSv2 Vector`	The vector associated with the CVSS v2 score.
`Matched CPEs`	If the application is matched against a CPE Dictionary item, the matched item’s well-formed name is displayed.