Using CVE names

Patch and Compliance supports the CVE (Common Vulnerabilities and Exposures) naming standard. You can search for a downloaded vulnerability by its CVE name. You can also view the CVE name(s) associated with an individual vulnerability.

Read this section to learn about:

What is CVE?

CVE is short for Common Vulnerabilities and Exposures, a collaborative initiative by several leading security technology organizations to compile and maintain a list of standardized names for vulnerabilities and other information security exposures. CVE is a dictionary of names rather than a database.

In short, the stated purpose of the CVE naming standard is to make it easier to search for, access, and share data across vulnerability databases and security tools. For more details about CVE and the CVE Editorial Board, visit the MITRE Corporation's Web site.

LANDesk compatibility with the CVE standard

LANDesk security products, including the flagship LANDesk Management Suite as well as LANDesk Security Suite and LANDesk Patch Manager, offer tools for vulnerability definition updating, viewing, and reporting that fully support the CVE standard.

When you download vulnerability definition updates, the vulnerability data contains CVE name references that are based on the most recent information from the CVE board. Additionally, the vulnerability definition includes a hyperlink to the CVE dictionary Web site where you can find the most recent CVE version information at its source. The accuracy and currency of the CVE data is validated by this direct link.

Using CVE names when searching for vulnerabilities

Patch and Compliance lets you search for vulnerabilities by their unique CVE names.

You can also find CVE names for downloaded vulnerabilities as well as access the CVE Web site for more information about the vulnerability and its CVE status.

To find security vulnerability definitions by using CVE names
  1. In the Patch and Compliance tool window, select Vulnerabilities from the Type drop-down list. A complete list of downloaded vulnerability definitions displays.

  2. Enter the CVE name (CVE ID) in the Find field, select Any or CVE ID from the In Column drop-down list, and then click the Search button. (You can enter the entire CVE ID, including the cve- prefix, or as much of the ID as you know, and search your downloaded security repository for matching vulnerabilities.)
  3. If a vulnerability with a matching CVE ID is found in the repository of vulnerabilities you've downloaded, it displays in the list.
  4. Right-click the vulnerability to access its shortcut menu for available options.
To find CVE names for downloaded security vulnerability definitions
  1. In Patch and Compliance, select Vulnerabilities or All Types from the Type drop-down list. A list of downloaded definitions displays. (If the column for CVE ID data has been selected, you can view CVE IDs in the item list. To configure columns, right-click a column title bar, select Columns, and make sure the CVE ID column is in the Selected Columns list.)
  2. Double-click a vulnerability definition (or right-click the definition and select Properties) to open its Properties dialog box.
  3. Click the Description page.
  4. If the selected vulnerability has a CVE name, it displays in the CVE ID drop-down list. Some vulnerabilities might have more than one CVE name, which you can access by scrolling through the drop-down list.
  5. To access the Web page for a specific CVE ID, click the More information for CVE ID link. The CVE Web site provides detailed information about each vulnerability with a CVE name, including its current status with the CVE board (approved Entry, or Candidate under review).