Vulnerabilities show page

Updated: 2025-01-27 SBOM Central

The Vulnerabilities show page contains information and references related to one specific vulnerability identity.

In SBOM Central, there are two types of detailed vulnerability pages (show pages):

  1. General Show Page, accessed from the Vulnerabilities Index page.
  2. SBOM Show Page, accessed from the Vulnerabilities tab within an SBOM.

Both pages display essentially the same information but present it in slightly different formats.

Below is a description of the general type:


The page has five main areas:

  1. Identity of the Vulnerability.
  2. Top boxes with highlighted data.
  3. Information box.
  4. Vulnerability description.
  5. Tabs row containing unique content for each tab.

Top box

Color coded status boxes:

| Box | Description |
|---|---|
| Priority | The priority of fixing this vulnerability |
| Severity | The severity, i.e. Base metrics + Temporal metrics + Environmental metrics |
| CWE priority | CWE score priority |
| EPSS score | Exploit prediction score (%) |
| CTI products | Cyber threat intelligence, affected products |
| CTI reports | Cyber threat intelligence, reports |
| Analyses | Number of analyses performed |
| Delivered | Grey = no deliveries include this vulnerability, Light blue = deliveries exist |
| Alias OK | Alias data between OSV-NVD is OK / Not OK |

Priority

The Priority value is automatically aligned with the Severity value.

In the Analysis dialog, the priority can be manually adjusted to a different standard value.

Severity

The Severity value is automatically set to the CVSS Base metrics value. It can be adjusted manually by altering the temporal metrics and the environmental metrics values.

Severity Score colors:

  • Red = Critical severity
  • Orange = High
  • Green = Medium
  • Light blue = Low severity
  • Grey = None

Information box

  • Identifier: Vulnerability identity
  • Priority: Priority

Tabs row

  1. Analysis tab, lists all analyses.
  2. Affected software tab, lists all affected artifacts, SBOMs, products, deliveries and tags.
  3. OSV tab, contains vulnerability data from OSV.dev.
  4. NVD tab, contains vulnerability data from NVD.com.
  5. Temporal metrics tab, CVSS 3 temporal metrics alterations page.
  6. Exploit probability tab, contains general exploit information, Known Exploited Vulnerabilities catalog, EPSS and Cyber Threat Intelligence.
  7. Fixes tab, known automated fixes.
  8. VEXs tab, lists all VEX reports generated from the current vulnerability.
  9. History tab, change history.