Common Vulnerabilities & Exposures

Edward Kost
updated Sep 22, 2021

What are Common Vulnerabilities & Exposures?

The Common Vulnerabilities and Exposures (CVE) list is a public catalog of known cybersecurity issues in software solutions.

The CVE program was launched in September 1999 and is currently overseen by the MITRE Corporation. Each vulnerability is documented as a separate record in the CVE catalog and published by organizations that have partnered with the CVE program. 

The CVE catalog can be accessed on the MITRE website and also via the National Vulnerability Database (NVD).

What is the Common Vulnerability Scoring System?

The Common Vulnerability Scoring System (CVSS) measures the severity of each vulnerability with a number ranging from 0.0 to 10.0. 

The categories for each scoring range are as follows:

  • 0.0 represents no risk
  • 0.1 - 3.3 represents a low risk
  • 4.0 - 6.9 represents a medium risk
  • 7.0 - 8.9 represents a high risk
  • 9.0 - 10.0 represents a critical risk

What Qualifies as a CVE?

To qualify as a CVE, a vulnerability needs to meet three conditions:

  1. The vulnerability must only be associated with a single product.
  2. The impacted vendor must acknowledge the security vulnerability or the reporting party must prove its violation of the impacted vendor’s security policy.
  3. It must be possible to remediate the vulnerability independently from other software issues.

Key takeaways

  • CVE records keep organizations informed of the latest exposures impacting their third-party software.
  • Security teams should regularly reference the CVE catalog to stay updated about the latest software exploits.
  • Vendor risk management programs should incorporate the latest CVEs in their security questionnaires and risk assessments.