
Vulnerabilities show page

Updated: 2024-05-10

The Vulnerabilities show page contains information and references related to one specific vulnerability identity.

MAIA implements the CVSS scoring algorithms from NVD, so the CVSS score is recalculated correctly whenever metrics are modified.

The page has four main areas:

  1. Identity of the Vulnerability (and where applicable, an identity of a build).
  2. Top boxes with highlighted data.
  3. Tabs row and unique content for each tab.
    1. Score tab.
    2. Base metrics tab.
    3. Temporal metrics tab.
    4. Decisions tab.
    5. Exploits tab.
    6. Artifacts tab.
    7. Deliveries tab.
    8. History tab.
  4. Information box.

General type show page, with the CVE identity only.

Build type show page, with the CVE identity, a build label and tags in the page.

Top box

Color coded status boxes:

Box | Description
CVSS Score | The overall CVSS Score (see below).
CWE Priority | CWE priority.
Decisions | Decisions on this CVE exist.
Delivered | Grey = no deliveries where this CVE is included, Light blue = deliveries exist.

The Overall CVSS Score:

The value of the overall CVSS Score depends on the scope. If the page:

  1. is of General type -- the CVSS score is composed of:
    • Base metrics and Temporal metrics.
    • If Decisions are saved without a selected Tag, then the decision affects all variants of the vulnerable software and environments so both Environmental metrics and Decisions can be part of the general Overall CVSS score.
  2. is of Build type -- the CVSS score is composed of:
    • Base metrics and Temporal metrics.
    • Environmental metrics and Decisions:
      • if the decision has a Tag matching a Tag for the build. Example: if the Build is tagged with "production" and "ubuntu" and the CVE decision is tagged with "ubuntu" then both Environmental metrics and Decisions are part of the Overall CVSS score.
      • If Decisions are saved without a selected Tag, then the decision affects all variants of the vulnerable software and environments so both Environmental metrics and Decisions can be part of the general Overall CVSS score.
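
The scope rules above, written out as an added example (not MAIA's own code): it selects which saved decisions apply on a General type or Build type page and which metric groups then feed the Overall CVSS score. The `Decision` class, the function names and the sample tags are hypothetical, and exact, case-sensitive tag matching is an assumption.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set


@dataclass(frozen=True)
class Decision:
    """Hypothetical model of a saved CVE decision; tag is None if no Tag was selected."""
    name: str
    tag: Optional[str] = None


def applicable_decisions(decisions: Iterable[Decision],
                         build_tags: Optional[Set[str]] = None) -> List[Decision]:
    """Return the decisions that count for the page scope.

    build_tags=None models a General type page; a set of tags (possibly
    empty) models a Build type page for a build carrying those tags.
    """
    selected = []
    for d in decisions:
        if d.tag is None:
            # Saved without a Tag: affects all variants and environments.
            selected.append(d)
        elif build_tags is not None and d.tag in build_tags:
            # Tagged decision: counts only on a build carrying the same Tag.
            selected.append(d)
    return selected


def overall_score_components(decisions: Iterable[Decision],
                             build_tags: Optional[Set[str]] = None) -> List[str]:
    """Metric groups that make up the Overall CVSS score for this scope."""
    parts = ["Base", "Temporal"]
    if applicable_decisions(decisions, build_tags):
        parts += ["Environmental", "Decisions"]
    return parts


# Constructed sample data mirroring the "production"/"ubuntu" example above.
TAGGED = [Decision("accept-risk-ubuntu", tag="ubuntu")]
MIXED = TAGGED + [Decision("global-mitigation")]  # second decision has no Tag

if __name__ == "__main__":
    print("General, tagged only:", overall_score_components(TAGGED))
    print("Build production+ubuntu:", overall_score_components(TAGGED, {"production", "ubuntu"}))
    print("Build production only:", overall_score_components(TAGGED, {"production"}))
    print("General, with untagged:", overall_score_components(MIXED))
```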

CVSS Score colors:

  • Red = Critical severity
  • Orange = High
  • Green = Medium
  • Light blue = Low severity
  • Grey = None

Tabs

Name | Description
Score | Contains a bar chart with current scores (Base + Temporal + (Environmental) + Overall).
Base metrics | Base metrics as analyzed at the source (NVD).
Temporal metrics | Temporal metrics, editable.
Decisions | A list of decisions made on this CVE.
Exploits | A list of exploits detected for this CVE, and links to information on the ExploitDB web site.
Artifacts | A list of artifacts affected by this CVE, including current artifact update status.
Deliveries | A list of Deliveries affected by this CVE.
History | A list of manual changes of data in MAIA WebApp related to this CVE.

Information box

  • Built artifact: Build label and link to the artifact related to this show page (Visible for Build type page only).

  • Tags: Active tags for this show page (Visible for Build type page only).

  • CVE unmodified: Link to the general type page for this CVE (Visible for Build type page only).


  • Description: Short description of the vulnerability.

  • CVE in NVD: Id/Link to the CVE on the NVD web site.

  • CWE in Mitre: Id/Link to the CWE on the Mitre web site.

  • CWE Priority: Priority setting in MAIA.

  • CWE Score: CWE score from Mitre.


  • Last scan: Last time MAIA checked for updates of this CVE.

  • Release date: Time of CVE creation in NVD.

  • Last update: Time of last CVE update in NVD.