What is a CVE?
Answer
CVE (Common Vulnerabilities and Exposures) is a standardized identifier for publicly known cybersecurity vulnerabilities. Each CVE has a unique ID, such as CVE-2021-44228 (Log4Shell). The CVE program is maintained by the MITRE Corporation and sponsored by CISA. Each CVE record provides a unique ID, a description of the vulnerability, and references to advisories and patches. CVSS (Common Vulnerability Scoring System) is a separate standard that rates severity on a scale from 0 to 10 (Critical 9.0-10.0, High 7.0-8.9, Medium 4.0-6.9, Low 0.1-3.9). The NVD (National Vulnerability Database) enriches CVE records with CVSS scores, affected configurations, and remediation information. Security teams use CVE IDs to track which known vulnerabilities affect the components in their software (Software Composition Analysis). Subscribing to CVE feeds and running a patch management process are essential for staying ahead of known vulnerabilities.