Vulnerability ManagementAlso called: "cve id", "vulnerability identifier"
CVE IDs provide a common language for discussing security flaws across vendors and tools.
CVE identifier format
- CVE-YYYY-NNNNN (e.g., CVE-2024-12345).
- YYYY = year disclosed.
- NNNNN = unique sequential number.
CVE lifecycle
- Researcher discovers vulnerability.
- CVE ID reserved through CNA (CVE Numbering Authority).
- Details published in NIST NVD (National Vulnerability Database).
- Vendors release patches and advisories.
Using CVE data
- Prioritize patching based on CVSS scores and exploitation status.
- Monitor CVE feeds for newly disclosed vulnerabilities.
- Check if your software versions are affected.
- Track CVEs in threat intelligence platforms.