Vulnerability Profiles

Additional detail on a CVE can be obtained by a double click on any list entry in the CVE list, or by entering the CVE ID in the quick search field.

A vulerability profile has the following sections:

General
CVSS data for the CVE, publication date etc.

Description
The full textual description of the vulnerability, as stored in the National Vulnerability Database.

Links
Hyperlinks to third party analysis of the vulnerability. The first link always points to the original description in the National Vulnerability Database.

Recommended remediation
Information on how the vulnerability should be mitigated. This information can come from user input. In the case of CVEs affecting Microsoft products, the appropriate security patches are inserted automatically. Klicking on a patch ID launches the Microsoft Kowledge Base entry for the patch.

Affected devices
A list of affected devices, along with an indication of whether the vulnerability is already mitigated for the device or not. Unmitigated devices are shown in orange, mitigated devices in blue.

Beneath each reference location you can see a graph that shows the ratio between mitigated and unmitigated devices that are affected by the given vulnerability.

By default the device list only contains unmitigated devices. If you want to display mitigated devices as well you can check the "Show fixed devices" box. Mitigated devices, if any, will then be shown in blue at the bottom of the table (however you can re-sort the table by clicking on any of the column headers).