1. Vulnerability overview
1. Vulnerability Introduction
In "GB/T 25069-2022 Information Security Technical Terminology", a vulnerability is defined as a weakness of an asset or control that may be exploited by one or more threats.
Vulnerability is a kind of vulnerability (Vulnerability), which refers to a flaw in the security of a computer system that threatens the confidentiality, integrity, availability, and access control of the system or its application data.
When a vulnerability is discovered and announced by the manufacturer, the vulnerability number will be issued to uniquely identify the vulnerability. Vulnerabilities are included in each institution's vulnerability database.
CVE (Common Vulnerabilities and Exposures) is a vulnerability library publicly disclosed by the industry.
CVE official website: CVE -CVE
Vulnerability query: CVE -CVE
The representation of the CVE vulnerability number is as follows:
- CVE assigns a unique vulnerability number to each vulnerability, in the format of "CVE-year-number", such as CVE-2019-0708;
- Each CVE vulnerability mainly contains the following information:
- Description: A brief description of the source of the vulnerability, attack method, etc.;
- Reference: Links to relevant reference information of vulnerabilities, such as vendor's vulnerability announcements, suggestions, etc.;
- CNA: the CNA organization that released this vulnerability;
- Published Date: The date this vulnerability was published;
2. Vulnerability assessment