You can view information about Common Platform Enumeration (CPE) products using their CPE names and then use this standardized information to help make fully or partially automated decisions regarding the application assets. You can also view information about related Common Vulnerabilities and Exposures (CVE) instances.

The table lists all applications. You can use the grouping and filtering options to affect what information is displayed.

From the top menu, click Assets> Applications, and then select the CPE Applications tab.

You can view, edit, and take actions on items.
Tip: To control the CPE configuration, you can configure it by using the Configure CPE button. You can initiate synchronization and matching with the CPE library by using the Execute sync and matching now button.
Note: The CPE Application list can be lengthy. You can hide items such as internal IT tools to make the list more consumable. Toggle the Show Hidden CPE Applications to turn their visibility on and off.

The CPE Applications tab on the Applications page

Table 1. CPE Applications Page Fields

Field

Description

Company

The Company name (if provided) in the file metadata.

Product Name

The Product Name (if provided) in the file metadata.

Product Version

The Product Version (if provided) in the file metadata.

Constructed CPE Item

Describes a set of products or to identify an individual product. This field uses the well-formed-name construction defined by:  https://csrc.nist.gov/publications/detail/nistir/7695/final

Total CVEs If the application is matched against CVE instances, the total number of CVE instances is displayed.
Most Dangerous CVE If the application is matched against CVE instances, the most dangerous instance is displayed.
Highest CVSSv3 Score If the application is matched against CVE instances, the highest CVSS v3 score of the CVE instances is displayed.

Matched Title

If the application is matched against a CPE Dictionary item, the matched item’s title displays.

Matched CPE Item

If the application is matched against a CPE Dictionary item, the matched item’s well-formed name is displayed.

Date Modified

If the CPE match information has been modified since creation or import, date and time it was modified.

Last Modified By

If the CPE match information has been modified since creation or import, the user who modified it.
Matched CVEs If the application is matched against a CVE instance, the matched instance name is displayed. If a critical CVE is matched, an event is generated, which can be viewed on the Alert Instances page, stating that a critical CVE is detected.
Matched Vendor If the application is matched against a CPE Dictionary item, the matched item’s vendor is displayed.
Matched Name If the application is matched against a CPE Dictionary item, the matched item’s name is displayed.
Matched Version If the application is matched against a CPE Dictionary item, the matched item’s version is displayed.