CPE Generation
VulnCheck CPE Overview
VulnCheck generates fast and accurate Common Platform Enumeration (CPE) that maps technology systems, software, and packages to CVEs. We have automated the generation of CPE and have made it available in the vulncheck-nvd1, vulncheck-nvd2, nist-nvd1 and nist-nvd2 indexes.
Adding our CPE data to the same field that NIST populates would only cause confusion, so we've instead added the following fields:
vcConfigurations: Exactly the same as the NVD configurations field, but populated by VulnCheck.
vcVulnerableCPEs: NVD uses matchCriteriaId to facilitate CPE "unrolling". VulnCheck has decided to remove this additional step, and include the unrolled CPE in the vcVulnerableCPEs field.
Note that the vcConfigurations matchCriteriaId will always be empty because we are using vcVulnerableCPEs instead. However, it's a required field in the NIST schema, so we elected to leave it.
VulnCheck generates CPE when the information is available, providing you with faster and more accurate CPE. To ensure the most complete coverage, consider using NIST NVD's CPE, which is the configurations attribute, when the VulnCheck CPE vcConfigurations is unavailable.
CPE API Lookup
VulnCheck's cpe API endpoint provides the ability to look up a list of vulnerabilities based on the specified CPE (Common Platform Enumeration) URI string. We support v2.2 and v2.3.
Query CVEs based on CPE: https://api.vulncheck.com/v3/cpe?cpe=cpe:/o:paloaltonetworks:pan-os:10.2.0:2h:*:*:*:*:*
For more details on using the CPE API Endpoint, see CPE API Endpoint (/api/cpe).
The complete VulnCheck CPE to CVE mapping is available using our cpecve backup endpoint: https://api.vulncheck.com/v3/backup/cpecve
CPE CLI Lookup
VulnCheck's CLI cpe lookup provides a list of vulnerabilities based on the specified CPE (Common Platform Enumeration) URI string. We support v2.2 and v2.3.
Example CLI Command
vulncheck cpe "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*"
Learn more about using VulnCheck CLI here.
VulnCheck Generated CPE Example From vulncheck-nvd2
The following example of vcConfigurations and vcVulnerableCPEs is from vulncheck-nvd2?cve=CVE-2024-28746. Note that the cpeMatch describes the affected versions, and vcVulnerableCPEs lists them.
"vcConfigurations": [
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "vulnerable": true,
            "criteria": "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*",
            "versionStartIncluding": "2.8.0",
            "versionEndExcluding": "2.8.3",
            "matchCriteriaId": ""
          }
        ]
      }
    ]
  }
],
"vcVulnerableCPEs": [
  "cpe:2.3:a:apache:airflow:2.8.0:*:*:*:*:*:*:*",
  "cpe:2.3:a:apache:airflow:2.8.1:*:*:*:*:*:*:*",
  "cpe:2.3:a:apache:airflow:2.8.2:*:*:*:*:*:*:*"
]
VulnCheck Added CPE Example From vulncheck-nvd
The following example of vcConfigurations and vcVulnerableCPEs is from vulncheck-nvd?cve=CVE-2024-28746:
"vcConfigurations": {
  "CVE_data_version": "4.0",
  "nodes": [
    {
      "cpe_match": [
        {
          "vulnerable": true,
          "cpe23Uri": "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*",
          "versionStartIncluding": "2.8.0",
          "versionEndExcluding": "2.8.3"
        }
      ]
    }
  ]
},
"vcVulnerableCPEs": [
  "cpe:2.3:a:apache:airflow:2.8.0:*:*:*:*:*:*:*",
  "cpe:2.3:a:apache:airflow:2.8.1:*:*:*:*:*:*:*",
  "cpe:2.3:a:apache:airflow:2.8.2:*:*:*:*:*:*:*"
]
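One way a consumer of these records could check an inventory CPE, shown as an added example that is not VulnCheck's own code: it treats vcVulnerableCPEs as a plain membership test and, when that list is absent, evaluates the version range in vcConfigurations or NIST's configurations, in either schema shape shown above. The function names, the NIST_ONLY sample record, the dotted-numeric version comparison, and the choice to ignore AND/OR operators and child nodes are assumptions of this sketch.

```python
import re

def _ver(v):
    # Numeric key for dotted versions such as "2.8.1" (assumption: no letter suffixes).
    return tuple(int(p) for p in re.findall(r"\d+", v))

def _in_range(version, match):
    v = _ver(version)
    bounds = {
        "versionStartIncluding": lambda b: v >= b,
        "versionStartExcluding": lambda b: v > b,
        "versionEndIncluding": lambda b: v <= b,
        "versionEndExcluding": lambda b: v < b,
    }
    return all(ok(_ver(match[k])) for k, ok in bounds.items() if match.get(k))

def _matches(installed, match):
    # nvd2 calls the field "criteria"; the older schema calls it "cpe23Uri".
    criteria = match.get("criteria") or match.get("cpe23Uri")
    if not criteria or not match.get("vulnerable"):
        return False
    inst, want = installed.split(":"), criteria.split(":")
    if inst[2:5] != want[2:5]:          # part, vendor, product
        return False
    if want[5] != "*":                  # pinned version: exact compare
        return inst[5] == want[5]
    return _in_range(inst[5], match)    # wildcard version: apply range bounds

def _cpe_matches(configs):
    # nvd2 uses a list of configurations; the older schema uses a single object.
    for cfg in [configs] if isinstance(configs, dict) else configs or []:
        for node in cfg.get("nodes", []):
            yield from node.get("cpeMatch") or node.get("cpe_match") or []

def is_affected(record, installed_cpe):
    """Return (affected, source_field) for one normalized CPE 2.3 string."""
    unrolled = record.get("vcVulnerableCPEs")
    if unrolled:                        # already unrolled: no range logic needed
        return installed_cpe in unrolled, "vcVulnerableCPEs"
    for field in ("vcConfigurations", "configurations"):
        entries = list(_cpe_matches(record.get(field)))
        if entries:
            return any(_matches(installed_cpe, m) for m in entries), field
    return False, None

# Constructed record shaped like a NIST-only entry (no VulnCheck fields present).
NIST_ONLY = {"configurations": [{"nodes": [{"cpeMatch": [{
    "vulnerable": True, "criteria": "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*",
    "versionStartIncluding": "2.8.0", "versionEndExcluding": "2.8.3"}]}]}]}
```

The membership test only works if inventory CPEs are normalized to the same CPE 2.3 formatted string that vcVulnerableCPEs uses, wildcards included.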
Vulnerability Enrichment
VulnCheck generates unique vulnerability enrichment that is then incorporated into VulnCheck's Exploit and Vulnerability Intelligence services.
Early Access to CVEs
VulnCheck Exploit & Vulnerability Intelligence includes early access to CVEs not yet published in the NIST National Vulnerability Database (NVD).