Skip to content

CVEs#

Overview#

The CVE tab provides a list of vulnerabilities detected within a group. It extracts and displays key information for triage (response decisions) in a tabular format. You can use the sort and filter functions to create tasks for high-risk vulnerabilities or hide low-risk ones. It also supports efficient triage operations, such as selecting multiple vulnerabilities on the screen and updating their tasks in bulk.

image.png

Columns Available in the CVE Tab#

The columns that can be displayed in the CVE tab are as follows.

Item Details Update Timing
CVE Priority The priority of the vulnerability is displayed. During scan / When vulnerability priority is updated
Security Alert Indicates whether alert information has been published by CISA KEV, VulnCheck KEV, ENISA KEV, JPCERT/CC-Alerts, or CISA-Alerts.
Exploited in ransomware campaigns: The vulnerability is listed in CISA KEV or VulnCheck KEV as being exploited in ransomware campaigns.
Critical: Listed in CISA KEV, VulnCheck KEV, or ENISA KEV, but not flagged as exploited in ransomware campaigns.
Warning: Listed in JPCERT/CC-Alerts or CISA-Alerts.
When DB information changes
Open Immediate Tasks The number of tasks associated with the vulnerability where the "SSVC Priority" is Immediate, the "Status" is NEW, and the task is not hidden. During scan
Open Out of Cycle Tasks The number of tasks associated with the vulnerability where the "SSVC Priority" is Out Of Cycle, the "Status" is NEW, and the task is not hidden. During scan
Highest SSVC Priority The highest SSVC Priority among tasks associated with the vulnerability. During scan
Exploit Reliability Indicates whether KEV information, attack code, or PoC is publicly available.
High (Active / highly reliable attack code available): SSVC Exploitation is Active, or attack code that is available in the Metasploit-Framework or that has been verified and is highly reliable exists (reliable exploit information exists).
Low (PoC): SSVC Exploitation is PoC.
-: SSVC Exploitation is None.
When DB information changes
Summary A summary of the vulnerability.
If the language setting is ja, the JVN summary is prioritized.
When DB information changes
Severity The severity of the vulnerability.
Based on the CVSS v3 score, it is displayed as Critical, High, Medium, Low, or None.
※ For vulnerabilities that only provide CVSS v4, the severity is calculated based on the CVSS v4 score.
When DB information changes
CVE Priority Changed From The source from which the Vulnerability Priority was set. When vulnerability priority is updated
Red Hat Severity Rating An indicator of the vulnerability's severity as rated by Red Hat. When DB information changes
Ubuntu Severity Rating An indicator of the vulnerability's severity as rated by Canonical (the developer of Ubuntu). When DB information changes
CVSS v4 The highest CVSS v4 score is displayed. When DB information changes
CVSS v3 The highest CVSS v3 score is displayed. When DB information changes
CVSS v2 The highest CVSS v2 score is displayed.
※ Scheduled to be removed in a future release. If you reference this in dashboards, automated integrations, etc., please consider migrating to v3 / v4.
When DB information changes
Red Hat The Red Hat v3 score is displayed. When DB information changes
JVN The JVN v3 score is displayed. When DB information changes
NVD The NVD v3 score is displayed. When DB information changes
Microsoft The Microsoft v3 score is displayed. When DB information changes
Patch Availability Indicates whether a patch is available for the related vulnerable software.

(entire): A valid patch is available for all related software.
(none): No patch is currently available for any related software.
(some): A mix of patched and unpatched software exists.
(unknown): Patch availability is unknown for some of the related software.
-: Patches have been applied to all related software, and the vulnerability is resolved.
When DB information changes
Active Process Indicates whether a related process is running on the server and listening on a port.
The process running state is available for OS package vulnerabilities when the scan target is a Linux-based OS scanned using the Vuls scanner.

-: The running state of the process is unknown.
Play icon: The process is running but not listening on any port.
Radio wave icon: The process is running and listening on a port.
During scan
Status of Your Tasks Indicates whether the logged-in user is the primary or secondary assignee of the task. During scan / When a task is updated
Open Tasks The number of tasks associated with the vulnerability where the "Status" is NEW and the task is not hidden. During scan / When a task is updated
Ongoing Tasks The number of tasks associated with the vulnerability where the "Status" is INVESTIGATING, ONGOING, or DEFER, and the task is not hidden. During scan / When a task is updated
Completed Tasks The number of tasks associated with the vulnerability where the "Status" is not NEW, INVESTIGATING, ONGOING, or DEFER, or where the task is hidden. During scan / When a task is updated
All Tasks The total number of tasks associated with the vulnerability. During scan
Network Exploitable (Red Hat) Indicates whether the AV (Attack Vector) in the CVSS Base Score is Network. When DB information changes
No Privileges Required (Red Hat) Indicates whether Au (Authentication) or PR (Privileges Required) in the CVSS Base Score is not required. When DB information changes
CVE ID The identifier of the detected vulnerability. During scan
Advisory Name The advisory name associated with the CVE ID is displayed. When DB information changes
EPSS Score Represents the probability that the vulnerability will be exploited in the next 30 days. A higher value indicates a higher probability of exploitation and a greater threat. (About EPSS) When DB information changes
EPSS Percentile Represents the percentage of vulnerabilities with an EPSS Score lower than this vulnerability's score. A higher value means this vulnerability has a higher threat level. (About EPSS) When DB information changes
Cloud One Status The status of the Cloud One integration. During scan
Mitigation / Workaround Indicates whether mitigations or workarounds exist in the Red Hat or Microsoft data sources. When DB information changes
External Scan Indicates whether there are any externally exposed vulnerabilities. When external scan results are added/updated
Due Date (Special Alert Tag) The due date configured in Special Alert Tags is displayed. During scan
Latest Detection Time The most recent date and time the CVE was detected within the group. During scan
Last Vector Score Update The date and time the CVSS vector or score was updated, or when the vulnerability was first detected. During scan
Topic Count The number of topics registered for the vulnerability. When a topic is updated
Last Topic Update The most recent date and time a topic for the CVE was registered or updated. When a topic is updated
Last Priority Update The date and time the vulnerability priority was last updated. During scan / When vulnerability priority is updated
First Detection Time The date and time the CVE was first detected within the group. During scan

CVE ID#

As a general rule, FutureVuls displays the CVE ID of detected vulnerabilities. However, some vulnerabilities do not have a CVE ID assigned. For example, some vulnerabilities may be at a stage before a CVE ID is assigned, or may be managed and disclosed independently by various vendors and security organizations.

To achieve more comprehensive and rapid vulnerability management, FutureVuls collects a wide range of security advisory information not only from major vulnerability databases but also from various vendors and software development communities. In this process, if a vulnerability is detected that has not yet been assigned a CVE ID or is not eligible for CVE assignment, the unique advisory ID or management number issued by the respective information source is displayed in the "CVE ID" column.

Examples of Identifiers Displayed as CVE ID#

Here are some examples of identifiers, other than the CVE-yyyy-dddd format, that may be displayed in the CVE ID column.

  • ADV[number]: A security advisory number issued by Microsoft. It is issued for cases that may cover multiple CVE IDs or involve broader security threats not limited to specific patches. For information on each advisory, please check the "Advisories published by MSRC" page.
  • GHSA-xxxx-xxxx-xxxx: An ID for a GitHub Security Advisory (GHSA). For more details on GHSA, please see the "GitHub documentation".
  • pyup.io-[number]: An ID assigned to each vulnerability by a service that detects vulnerabilities in Python dependency libraries. Additionally, for vulnerabilities in other dependency libraries that do not have a CVE ID, a unique identifier from the service's own vulnerability database may be assigned.
  • TEMP-[alphanumeric]: A temporary identifier used mainly by organizations like Red Hat and the Debian community for vulnerabilities that have not yet been issued a CVE ID.
  • MAL-[number]: An ID assigned by OSV (Open Source Vulnerability) to identify malicious software (malware). These may appear through integrations such as Inspector.

Sub-tabs#

The vulnerability list has tabs that let you filter the view by the status of related tasks.

image.png

Category Description
High SSVC Priority CVE Vulnerabilities where the highest SSVC priority of related tasks is Immediate or OutOfCycle (only displayed for group sets (CSIRT plan)).
Important CVE Displays vulnerabilities with unresolved tasks that match the configured conditions for "Important CVE".
Other Unresolved CVE Displays vulnerabilities with unresolved tasks that did not match the conditions for "Important CVE".
Ongoing CVE Vulnerabilities that do not have unresolved tasks but have one or more related tasks with a status of ONGOING or INVESTIGATING.
Deferred CVE Vulnerabilities that do not have any tasks with a status of NEW, ONGOING, or INVESTIGATING, but have one or more tasks with a status of DEFER.
Completed CVE ・Vulnerabilities where all related tasks are set to Hidden.
・Vulnerabilities where the status of all related tasks is WORKAROUND, NOT_AFFECTED, RISK_ACCEPTED, or PATCH_APPLIED.
All Displays all detected vulnerabilities.

You can hide all tasks on all servers related to the selected vulnerabilities in bulk.

image.png

You can update all tasks on all servers related to the selected vulnerabilities in bulk.

image.png