Additional detail on a CVE can be obtained by a double click on any list entry in the CVE list, or by entering the CVE ID in the quick search field. Below, we will take you through the different sections that make up the vulnerability profile.
General
OTbase Inventory provides verbose CVSS vector descriptions that break down the cryptic CVSS string into human-readable components. When viewing a CVE profile, you'll see each component of the CVSS vector explained in clear text.
Vector Components
The CVSS vector string is automatically parsed and displayed with the following components:
| CVSS Component | Description |
|---|---|
| Attack Vector (AV) | |
| Network (N) | Remotely exploitable over a network |
| Adjacent (A) | Requires access to the local network segment |
| Local (L) | Requires local system access |
| Physical (P) | Requires physical device access |
| Attack Complexity (AC) | |
| Low (L) | No specialized conditions required [displayed in orange] |
| High (H) | Requires specific conditions or configurations |
| Privileges Required (PR) | |
| None (N) | No authentication needed [displayed in orange] |
| Low (L) | Requires basic user privileges |
| High (H) | Requires administrative or elevated privileges |
| User Interaction (UI) | |
| None (N) | No user interaction required [displayed in orange] |
| Required (R) | Requires user to perform an action |
| Scope (S) | |
| Unchanged (U) | Impact limited to vulnerable component |
| Changed (C) | Impact extends beyond vulnerable component |
| Confidentiality (C) | |
| High (H) | Total loss of confidentiality [displayed in orange] |
| Low (L) | Partial confidentiality impact |
| None (N) | No confidentiality impact |
| Integrity Impact (I) | |
| High (H) | Total loss of integrity [displayed in orange] |
| Low (L) | Partial integrity impact |
| None (N) | No integrity impact |
| Availability Impact (A) | |
| High (H) | Total loss of availability [displayed in orange] |
| Low (L) | Partial availability impact |
| None (N) | No availability impact |
Description
The full textual description of the vulnerability, as stored in the National Vulnerability Database.
Links
Hyperlinks to third party analysis of the vulnerability. As part of the metadata download, we've expanded these links to now include multiple authoritative sources beyond NIST, providing more comprehensive vulnerability information.
Summary
CVE summaries provide automatically generated overviews of select vulnerabilities, giving analysts a quicker understanding of relevance and criticality without needing to open all referenced links.
Recommended remediation
Information on how the vulnerability should be mitigated. This information can come from user input. In the case of CVEs affecting Microsoft products, the appropriate security patches are inserted automatically. clicking on a patch ID launches the Microsoft Knowledge Base entry for the patch.
AI Context
AI context provides on-demand insights for CVE profiles by retrieving information from public AI platforms. It can include details from advisories, forums, and other sources beyond official references. The context is loaded dynamically when requested, stored for reuse, and refreshed as needed. Only the identifier (e.g., CVE or product name) is shared with the AI provider, ensuring that details about your installed base remain private
Affected devices
A list of affected devices, along with an indication of whether the vulnerability is already mitigated for the device or not. Unmitigated devices are shown in orange, mitigated devices in blue.
Beneath each reference location you can see a graph that shows the ratio between mitigated and unmitigated devices that are affected by the given vulnerability.
By default the device list only contains unmitigated devices. If you want to display mitigated devices as well you can check the "Show fixed devices" box. Mitigated devices, if any, will then be shown in blue at the bottom of the table (however you can re-sort the table by clicking on any of the column headers).
Comments
0 comments
Please sign in to leave a comment.