Consolidated CVE information differs from original information

Meri
Tera Contributor

Hi, Community

 

Incorporates vulnerability information from NIST, TVM, and Tenable.
The CVE on ServiceNow is marked as "Exploit exists is Yes", but when checking the information on the main unit (for example, TVM), it may be "Exploit exists is No".

 

Is there anyone experiencing the same issue?
Also, could you tell me how to make the vulnerability information on ServiceNow and the original the same?

 

Regards

Meri

5 REPLIES

andy_ojha
ServiceNow Employee

Hey there - no worries... The documentation in this area can certainly be improved, as it does not quite cover the details under the hood here.

 

Q1) Actually, the Exploit Exists field, at the moment, is not set by either of those 2 integrations you called out -> CWE nor NIST NVD... Rather, it would be set by integrations along the lines of Shodan Exploit Enrichment, Microsoft TVM (for the CVE)

Q2) If you do another integration run, and backdate it - does that stubborn CVE have its Exploit Exists set to True? --> CVE-2022-4132

Q3) There certainly is - but unfortunately, it is difficult to triage and troubleshoot this without access to the instance and logs. You should create a NOW Support Case for further review and assistance on troubleshooting this.

As mentioned before, it is likely a matter of one of the data integrations and potentially a problem with one of the delta imports - but it would need to be examined further with access to the instance(s) to compare, and the logs on the target instance where that CVE is sticking out with the mismatched Exploit Exists field.