Patch and Compliance supports the CVE (Common Vulnerabilities
and Exposures) naming standard. You can search for a downloaded
vulnerability by its CVE name. You can also view the CVE name(s)
associated with an individual vulnerability.
CVE is short for Common Vulnerabilities and Exposures, a
collaborative initiative by several leading security technology
organizations to compile and maintain a list of standardized names
for vulnerabilities and other information security exposures. CVE
is a dictionary of names rather than a database.
In short, the stated purpose of the CVE naming standard is to
make it easier to search for, access, and share data across
vulnerability databases and security tools. For more details about
CVE and the CVE Editorial Board, visit the MITRE Corporation's Web
site.
LANDesk compatibility
with the CVE standard
LANDesk security products, including the flagship LANDesk
Management Suite as well as LANDesk Security Suite and LANDesk
Patch Manager, offer tools for vulnerability definition updating,
viewing, and reporting that fully support the CVE standard.
When you download vulnerability definition updates, the
vulnerability data contains CVE name references that are based on
the most recent information from the CVE board. Additionally, the
vulnerability definition includes a hyperlink to the CVE dictionary
Web site where you can find the most recent CVE version information
at its source. The accuracy and currency of the CVE data is
validated by this direct link.
Using CVE names when searching for
vulnerabilities
Patch and Compliance lets you search for vulnerabilities by
their unique CVE names.
You can also find CVE names for downloaded vulnerabilities as
well as access the CVE Web site for more information about the
vulnerability and its CVE status.
To find security vulnerability definitions by using CVE
names
In the Patch and Compliance tool window,
select Vulnerabilities from the Type drop-down list.
A complete list of downloaded vulnerability definitions
displays.
Enter the CVE name (CVE ID) in the Find field,
select Any or CVE ID from the In Column
drop-down list, and then click the Search button. (You can
enter the entire CVE ID, including the cve- prefix, or as much of
the ID as you know, and search your downloaded security repository
for matching vulnerabilities.)
If a vulnerability with a matching CVE ID is found in
the repository of vulnerabilities you've downloaded, it displays in
the list.
Right-click the vulnerability to access its shortcut
menu for available options.
To find CVE names for downloaded security vulnerability
definitions
In Patch and Compliance, select
Vulnerabilities or All Types from the Type
drop-down list. A list of downloaded definitions displays. (If the
column for CVE ID data has been selected, you can view CVE IDs in
the item list. To configure columns, right-click a column title
bar, select Columns, and make sure the CVE ID column
is in the Selected Columns list.)
Double-click a vulnerability definition (or
right-click the definition and select Properties) to open
its Properties
dialog box.
Click the Description page.
If the selected vulnerability has a CVE name, it
displays in the CVE ID drop-down list. Some vulnerabilities
might have more than one CVE name, which you can access by
scrolling through the drop-down list.
To access the Web page for a specific CVE ID, click
the More information for CVE ID link. The CVE Web site
provides detailed information about each vulnerability with a CVE
name, including its current status with the CVE board (approved
Entry, or Candidate under review).
