Cortex XSIAM identifies externally inferred CVEs by comparing the product name and version of an active service, if identifiable, with CVEs for those products in the National Vulnerability Database (NVD). We categorize externally inferred CVE matches as high or medium confidence based on the version information that is available on the service and from NVD.
High Confidence Match—Precise version information is available both from the service and from NVD. Cortex XSIAM generates issues for high-confidence externally inferred CVEs.
Medium Confidence Match—Part of the version information from the service matches the NVD entry for the CVE, but the version information from the service or from NVD has additional characters. Cortex XSIAM creates findings for medium-confidence externally inferred CVEs but will not generate issues.
Note: An externally inferred CVE might impact your service or asset, but additional investigation is required to confirm that the CVE is actually present.
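The following Python example is added here to illustrate the high/medium distinction described above; it is not Cortex XSIAM's own matching logic. The function names, the constructed sample entries, the placeholder CVE identifiers, and the rule that "additional characters" must not extend a numeric component (so 7.4 does not match 7.41) are all assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class NvdEntry:
    cve_id: str    # placeholder identifiers only, not real CVEs
    product: str
    version: str

def match_confidence(service_version: str, nvd_version: str) -> Optional[str]:
    """Return 'high', 'medium', or None for one service/NVD version pair."""
    svc, nvd = service_version.strip().lower(), nvd_version.strip().lower()
    if not svc or not nvd:
        return None                    # version not identifiable: nothing to infer
    if svc == nvd:
        return "high"                  # precise version available on both sides
    shorter, longer = sorted((svc, nvd), key=len)
    if longer.startswith(shorter):
        extra = longer[len(shorter)]   # first of the additional characters
        # Assumption: the extra text must not continue a number (7.4 vs 7.41).
        if not (shorter[-1].isdigit() and extra.isdigit()):
            return "medium"
    return None

def triage(product: str, version: str,
           nvd_entries: List[NvdEntry]) -> List[Tuple[str, str, str]]:
    """Map each matching CVE to the outcome the page describes:
    high confidence -> issue, medium confidence -> finding only."""
    results = []
    for entry in nvd_entries:
        if entry.product.lower() != product.strip().lower():
            continue
        confidence = match_confidence(version, entry.version)
        if confidence:
            outcome = "issue" if confidence == "high" else "finding"
            results.append((entry.cve_id, confidence, outcome))
    return results

# Constructed sample data for the example (not taken from NVD).
SAMPLE_NVD = [
    NvdEntry("CVE-PLACEHOLDER-1", "openssh", "7.4p1"),
    NvdEntry("CVE-PLACEHOLDER-2", "openssh", "7.4"),
    NvdEntry("CVE-PLACEHOLDER-3", "openssh", "7.41"),
    NvdEntry("CVE-PLACEHOLDER-4", "nginx", "7.4p1"),
]

if __name__ == "__main__":
    for row in triage("OpenSSH", "7.4p1", SAMPLE_NVD):
        print(row)
```

Medium-confidence results from a check like this are candidates for the additional investigation the note calls for, for example confirming the installed package version on the host.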
The following table provides examples of externally inferred CVE matches.