Exploit And Vulnerability Intelligence

Vulnerability Intelligence

Leverage the vulnerability intelligence features within VulnCheck Exploit & Vulnerability Intelligence to get the industry's fastest and most comprehensive vulnerability intelligence available and solve the vulnerability prioritization challenge today.

VulnCheck Exploit & Vulnerability Intgelligence service provides vulnerability aliases, CVSS temporal scores, vulnerability categorization data, and embeds rich exploit intelligence to go well above and beyond what the NVD provides.

VulnCheck Exploit & Vulnerability Intelligence is an autonomous system that tracks dozens of vendor and government advisories, and then marries that data with best-in-class exploit intelligence from VulnCheck.

Unlike other vulnerability databases, VulnCheck includes the latest information on a wider range of vulnerabilities, including:

  • Vulnerabilities in Open Source packages / dependencies
  • Vulnerabilities in ICS/OT, IoMT, IoT, mobile, etc., devices

VulnCheck Exploit & Vulnerability Intelligence also includes unique fields, typically unavailable in other alternative sources, such as:

  • Vulnerability Status
  • Categorization (e.g., ICS/OT, IoMT, IoT, Mobile, Server Software, etc.)
  • MITRE ATT&CK mapping
  • MITRE Attack Patterns (CAPEC) mapping
  • CWE associations for pre-2008 CVEs
  • More vendor references
  • More exploit references
  • Less broken links
  • Cleaner CPE data
  • Ability to query by Package URL (purl)

Vulnerability Status

VulnCheck Exploit & Vulnerability Intelligence maintains a Vulnerability Status field in the header of vulnerability requests. The Vulnerability Status field helps distinguish between confirmed vulnerabilities and other vulnerabilities with a different status, such as disputed or rejected vulnerabilities.

Vulnerability Status Definitions

ConfirmedThe most common vulnerability status. Most vulnerabilities have a status of Confirmed.
DisputedIf a vulnerability is disputed, for whatever reason, a vulnerability has a status of Disputed.
PendingCVEs that do not currently have a description live in NVD and are not set to another status, such as Reserved, are set to Pending.
RejectedIf a vulnerability has been rejected for whatever reason, it has a status of Rejected.
ReservedCVEs that have been reserved in blocks by CVE Numbering Authorities (CNA), have a status of Reserved if they have not yet been published by NIST.
UnsupportedIf the CVE, at the time of publication, has been reported in End of Life or otherwise unsupported software, the vulnerability status is set to Unsupported.
UnverifiableIf the vulnerability information is ambiguous and cannot be verified, the status is set to Unverifiable.

The above table shows the currently available status' in the VulnCheck vulnerability status field.