Externally Inferred CVEs

Cortex XSIAM Administrator Guide

Product: Cortex XSIAM
Creation date: 2024-02-26
Last date published: 2024-04-25
Category: Administrator Guide

Cortex XSIAM identifies externally inferred CVEs by comparing the product name and version of an active service, if identifiable, with CVEs for those products in the National Vulnerability Database (NVD). We categorize externally inferred CVE matches as high or medium confidence based on the version information that is available on the service and from NVD.

  • High Confidence Match—Precise version information is available both from the service and from NVD.

  • Medium Confidence Match—Part of the version information from the service matches the NVD entry for the CVE, but the version information from the service or from NVD has additional characters.

Note

An externally inferred CVE might impact your service or asset, but additional investigation is required to confirm that the CVE is actually present.

Cortex XSIAM provides information about externally inferred CVEs for all assets and external services in the Asset Inventory. For every asset or service that has an externally inferred CVE, Cortex XSIAM also provides an Externally Inferred Vulnerability Score, which is the highest CVSS v3 score that applies to an asset or service. In cases where there is no CVSS v3 score, the CVSS v2 score is used.
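The following Python sketch is an added illustration of the matching and scoring rules described above; it is not Cortex XSIAM code. It assumes that "additional characters" means one version string extends the other without continuing its last number, and that CVSS v2 is used only when no matched CVE has a v3 score. The product names, CVE IDs, and scores are constructed placeholders.

```python
from typing import Optional

def match_confidence(service_version: str, nvd_version: str) -> Optional[str]:
    """Return 'high', 'medium', or None for one service/NVD version pair."""
    s, n = service_version.strip().lower(), nvd_version.strip().lower()
    if not s or not n:
        return None                      # version not identifiable
    if s == n:
        return "high"                    # precise version on both sides
    shorter, longer = sorted((s, n), key=len)
    # Assumed rule: the extra characters must not extend the last number,
    # so "2.4.1" vs "2.4.1-ubuntu1" is a partial match but "2.4.10" is not.
    if longer.startswith(shorter) and not longer[len(shorter)].isdigit():
        return "medium"
    return None

def inferred_score(cves: list) -> Optional[float]:
    """Highest CVSS v3 among matched CVEs; v2 only if no v3 exists (assumed)."""
    v3 = [c["cvss_v3"] for c in cves if c.get("cvss_v3") is not None]
    if v3:
        return max(v3)
    v2 = [c["cvss_v2"] for c in cves if c.get("cvss_v2") is not None]
    return max(v2) if v2 else None

def infer(service: dict, nvd_entries: list) -> dict:
    """Match one observed service against NVD-style entries."""
    matches = []
    for entry in nvd_entries:
        if entry["product"] != service["product"]:
            continue
        confidence = match_confidence(service["version"], entry["version"])
        if confidence:
            matches.append({**entry, "confidence": confidence})
    return {"matches": matches, "score": inferred_score(matches)}

# Constructed sample data: placeholder product names, CVE IDs, and scores.
SERVICE = {"product": "exampled", "version": "2.4.1-ubuntu1"}
NVD = [
    {"cve": "CVE-0000-0001", "product": "exampled", "version": "2.4.1-ubuntu1", "cvss_v3": 7.5, "cvss_v2": 5.0},
    {"cve": "CVE-0000-0002", "product": "exampled", "version": "2.4.1", "cvss_v3": None, "cvss_v2": 9.0},
    {"cve": "CVE-0000-0003", "product": "exampled", "version": "2.4.10", "cvss_v3": 9.8, "cvss_v2": None},
    {"cve": "CVE-0000-0004", "product": "otherd", "version": "2.4.1", "cvss_v3": 9.8, "cvss_v2": None},
]

if __name__ == "__main__":
    result = infer(SERVICE, NVD)
    for m in result["matches"]:
        print(m["cve"], m["confidence"])
    print("Externally Inferred Vulnerability Score:", result["score"])
```

In the sample, the medium-confidence entry carries only a v2 score, so it does not raise the asset score above the v3 value of the high-confidence match.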

To view externally inferred CVEs and details about them, see View Externally Inferred CVEs.