Create an application vulnerability entry

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 4 minutes
  • Create an application vulnerability entry for the vulnerability specified in the penetration test finding. Application vulnerabilities are vulnerabilities in custom software applications.

    Before you begin

    Role required: Ethical Hacker

    About this task

    Application Vulnerability Response relates a vulnerability to an application to create the penetration test finding. These findings are manually created application vulnerable items (AVIs). You can reuse an existing entry or create one manually for each vulnerability during penetration testing.

    Procedure

    1. Navigate to All > Application Vulnerability Response > Libraries > Third-Party.
    2. On the Application Vulnerability Entries page, select New.
    3. On the form, fill in the fields.
      Table 1. Application Vulnerability Entry form (Penetration test view)

      | Field | Description |
      | --- | --- |
      | ID | Identifier for this vulnerability entry. |
      | Severity | Normalized degree of severity of this vulnerability. Severity maps are provided for NVD and with ServiceNow third-party integrations. For more information on creating or adjusting severity maps, see Map the severity of an application vulnerable item automatically. |
      | Primary CVE | Reference to the Common Weakness Enumeration element that this vulnerability best fits into. |
      | Category name | Classification provided by the third-party integration. Aids in assignment. |
      | Vulnerability Details | |
      | Attack vector | Most vulnerable attack vector for this vulnerability. |
      | Attack complexity | Metric that describes the conditions beyond the attacker's control that must exist to exploit the vulnerability. |
      | Scope | Metric to measure the ability of a software vulnerability to impact resources beyond its means. |
      | Integrity | Metric to measure the impact to the integrity of a successfully exploited vulnerability. |
      | CVSS Vector | Open framework to capture the characteristics and severity of software vulnerabilities. |
      | Privileges required | Level of privileges an attacker must possess before successfully exploiting the vulnerability. |
      | User interaction | Requirement for human interaction to successfully exploit a vulnerability. |
      | Confidentiality | Impact to the confidentiality of the information resources due to a successfully exploited vulnerability. These resources are managed by a software component. |
      | Availability | Impact to the availability of the impacted component resulting from a successfully exploited vulnerability. |
      | CVSS Base Score | Numeric (0-10) representation of the severity of an application vulnerability entry. |
      | Threat | Description of the threat from this vulnerability. |
      | Mitigation description | Description of the steps to mitigate the vulnerability. |
    4. To save the form, select Submit.
      Note:
      Application vulnerability entries (AVEs) are created in the Application Vulnerability Entry (sn_vul_app_vul_entry) table. That table is a child of the Vulnerability Entry (sn_vul_entry) table, so each AVE you create is also added to the Vulnerability Entry table.