Exploit And Vulnerability Intelligence
Leverage the vulnerability intelligence features within VulnCheck Exploit & Vulnerability Intelligence to get the industry's fastest and most comprehensive vulnerability intelligence available and solve the vulnerability prioritization challenge today.
VulnCheck Exploit & Vulnerability Intgelligence service provides vulnerability aliases, CVSS temporal scores, vulnerability categorization data, and embeds rich exploit intelligence to go well above and beyond what the NVD provides.
VulnCheck Exploit & Vulnerability Intelligence is an autonomous system that tracks dozens of vendor and government advisories, and then marries that data with best-in-class exploit intelligence from VulnCheck.
Unlike other vulnerability databases, VulnCheck includes the latest information on a wider range of vulnerabilities, including:
- Vulnerabilities in Open Source packages / dependencies
- Vulnerabilities in ICS/OT, IoMT, IoT, mobile, etc., devices
VulnCheck Exploit & Vulnerability Intelligence also includes unique fields, typically unavailable in other alternative sources, such as:
- Vulnerability Status
- Categorization (e.g., ICS/OT, IoMT, IoT, Mobile, Server Software, etc.)
- MITRE ATT&CK mapping
- MITRE Attack Patterns (CAPEC) mapping
- CWE associations for pre-2008 CVEs
- More vendor references
- More exploit references
- Less broken links
- Cleaner CPE data
- Ability to query by Package URL (purl)
VulnCheck Exploit & Vulnerability Intelligence maintains a Vulnerability Status field in the header of vulnerability requests. The Vulnerability Status field helps distinguish between confirmed vulnerabilities and other vulnerabilities with a different status, such as disputed or rejected vulnerabilities.
|Confirmed||The most common vulnerability status. Most vulnerabilities have a status of Confirmed.|
|Disputed||If a vulnerability is disputed, for whatever reason, a vulnerability has a status of Disputed.|
|Pending||CVEs that do not currently have a description live in NVD and are not set to another status, such as Reserved, are set to Pending.|
|Rejected||If a vulnerability has been rejected for whatever reason, it has a status of Rejected.|
|Reserved||CVEs that have been reserved in blocks by CVE Numbering Authorities (CNA), have a status of Reserved if they have not yet been published by NIST.|
|Unsupported||If the CVE, at the time of publication, has been reported in End of Life or otherwise unsupported software, the vulnerability status is set to Unsupported.|
|Unverifiable||If the vulnerability information is ambiguous and cannot be verified, the status is set to Unverifiable.|
The above table shows the currently available status' in the VulnCheck vulnerability status field.