Vulnerabilities

Identify publicly known cybersecurity issues and weaknesses using the Digital Risk Analyzer's Vulnerabilities. The Common Vulnerabilities and Exposures (CVEs) in a user-given domain are identified from sources like the client library version and response header when it is accessed. Early detection of vulnerabilities helps you address them in time to prevent security risks and maintain compliance with security standards.

How to see a domain's CVE vulnerabilities

Vulnerabilities can be identified based on a CVE ID, which is the unique identifier of a vulnerability in the CVE database. View CVE vulnerabilities by following the given steps:

1. Log in to the Digital Risk Analyzer.
2. Click Add New Domain in the top band to check the vulnerabilities of a new domain.
3. Click the domain name to view the vulnerabilities of an existing domain.
4. In the left pane, click the Vulnerabilities tab.
   
   
5. On the Vulnerabilities page, view the list of CVE vulnerabilities identified. The CVE information contains:
   • CVSS: Shows the severity rating of the identified vulnerability.
   • CVE ID: Shows the vulnerability's unique identifier based on the CVE database.
   • EPSS (%): Shows the probability of the vulnerability being exploited.
   • Status: Shows the vulnerability status according to CISA documentation.
   • Published Time: Shows the time when the vulnerability was reported.
   • CWE: Shows the vulnerability's unique identifier based on the Common Weakness Enumeration (CWE) standard. The CWE Specification is a structured list of software vulnerabilities that helps developers and security professionals identify and address security weaknesses in software.