Open in app

Sign in

Write

Sign in

Vulnerability Advisory Terminologies

Mannu Aggarwal
2 min readNov 25, 2023

--

This story is about knowing what things should be in a vulnerability advisory and what we will understand from them about the vulnerability.

Glossary:-

  1. Title:- This will define the name of the vulnerability like:-
  2. Severity:- This will be defined and calculated based on vectors.
  3. Vector on the basis ( CVSS2.0/CVSS3.0):- This will based on multiple factors which we will understand in an individual topic that will be discussed in another story.
  4. Published Date:- The day on which vulnerability was publicly shared
  5. Last Modified Date:- As time passes, many changes will happen in vulnerability like the addition of exploits. So that day will be the last modified date.
  6. Description:- Detailed description of a vulnerability for understanding that will help you to analyze what and how can this vulnerability impact any asset or any flaw that this vulnerability can create.
  7. CVE IDs / CVE Dictionary Entry:- These will be released by MITRE or CVE IDs are primarily assigned by MITRE, as well as by authorized organizations known as CVE Numbering Authorities (CNAs).
  8. Weakness Enumeration:- IT basically defines the list of flaws that software /hardware have like:- buffer overflow etc. It is a form of registering software and hardware weaknesses and is controlled by the National Cyber Security Division and the US Department of Homeland Security.
  9. Affected products:- Which product and its version have this vulnerability?
  10. Fixed versions & products:- This will define which version and product has a patch or fix for this vulnerability.
  11. Reference links:- The portal on which this vulnerability is listed or Published like:- NVD, MITRE, Zero-day initiative, CVE.
  12. Vendor Name:- The name of the company/vendor that has owned or has a responsibility to release its fixed.
  13. Solution:- What do we have to do to mitigate the risk of the vulnerability in our environment or what action is required to patch this vulnerability?

TO BE CONTINUED

We will meet you in another story with something useful in cyber security.

Advisory
Vulnerability
Vulnerability Assessment
Vulnerability Management
Validation

--

--

Mannu Aggarwal
Mannu Aggarwal

Written by Mannu Aggarwal

2 Followers
1 Following

I am managing vulnerabilities and assessment smartly I enjoy using my skills to contribute to the exciting technological advance. I am here to share my thoughts

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams