Vulnerability Intelligence
Leverage the vulnerability intelligence features within VulnCheck Exploit & Vulnerability Intelligence to get the industry's fastest and most comprehensive vulnerability intelligence available and solve the vulnerability prioritization challenge today.
VulnCheck Exploit & Vulnerability Intgelligence service provides vulnerability aliases, CVSS temporal scores, vulnerability categorization data, and embeds rich exploit intelligence to go well above and beyond what the NVD provides.
VulnCheck Exploit & Vulnerability Intelligence is an autonomous system that tracks dozens of vendor and government advisories, and then marries that data with best-in-class exploit intelligence from VulnCheck.
Unlike other vulnerability databases, VulnCheck includes the latest information on a wider range of vulnerabilities, including:
- Vulnerabilities in Open Source packages / dependencies
- Vulnerabilities in ICS/OT, IoMT, IoT, mobile, etc., devices
VulnCheck Exploit & Vulnerability Intelligence also includes unique fields, typically unavailable in other alternative sources, such as:
- Vulnerability Status
- Categorization (e.g., ICS/OT, IoMT, IoT, Mobile, Server Software, etc.)
- MITRE ATT&CK mapping
- MITRE Attack Patterns (CAPEC) mapping
- CWE associations for pre-2008 CVEs
- More vendor references
- More exploit references
- Less broken links
- Cleaner CPE data
- Ability to query by Package URL (purl)
Vulnerability Status
VulnCheck Exploit & Vulnerability Intelligence maintains a Vulnerability Status field in the header of vulnerability requests. The Vulnerability Status field helps distinguish between confirmed vulnerabilities and other vulnerabilities with a different status, such as disputed or rejected vulnerabilities.
Vulnerability Status Definitions
| Status | Meaning |
|---|---|
| Confirmed | The most common vulnerability status. Most vulnerabilities have a status of Confirmed. |
| Disputed | If a vulnerability is disputed, for whatever reason, a vulnerability has a status of Disputed. |
| Pending | CVEs that do not currently have a description live in NVD and are not set to another status, such as Reserved, are set to Pending. |
| Rejected | If a vulnerability has been rejected for whatever reason, it has a status of Rejected. |
| Reserved | CVEs that have been reserved in blocks by CVE Numbering Authorities (CNA), have a status of Reserved if they have not yet been published by NIST. |
| Unsupported | If the CVE, at the time of publication, has been reported in End of Life or otherwise unsupported software, the vulnerability status is set to Unsupported. |
| Unverifiable | If the vulnerability information is ambiguous and cannot be verified, the status is set to Unverifiable. |
The above table shows the currently available status' in the VulnCheck vulnerability status field.
