Each vulnerability in the KnowledgeBase is assigned an ID (QID). Additional information for classification and tracking is provided.
The Entry Details section provides the following details of KnowledgeBase entry:
- Basic information, such as assigned ID, type, severity of the vulnerability, category, authentication, and discovery method.
For details, see Severity levels | Vulnerability Categories | Discovery Method | Malware
- Vulnerability references, such as CVE ID, OWASP. For details, Vulnerability References.
- CVSS scores. For details, Tell me about CVSS.
The Vendor & Software section lists the associated software products and vendors affected by the selected vulnerability.
The Threat section lists the threat or what this vulnerability exploits.
description of the security threat associated with the vulnerability
The Impact section presents the impact and the risk that is posed because of the selected vulnerability.
gives a description of the possible consequences that may occur if the vulnerability is successfully exploited.
The Solution section provides a suggested solution to fix the vulnerability. This may include a link to a patch, update, the vendor's Web site, or a workaround.
This Exploitability section lists known exploits available from third-party vendors and/or publicly available sources for the selected vulnerability. For details, see Exploitability.
The Malware tab provides details of the known malware for the selected vulnerability. For details, see Malware.
The Compliance section lists compliance-related information, that is, if the selected vulnerability is associated with any government or industry-specific regulations or information technology standard. For details, Compliance Definitions.
The Action Logs section lists the changes made to the selected vulnerability entry. For example, change in description, severity, solution, and so on.
- Tell me about Severity levels.