Integrations for Central Vulnerability Database
Summary of Integrations for Central Vulnerability Database
The Central Vulnerability Database (CVD) integrates with trusted global vulnerability data sources such as the National Vulnerability Database, European Union Vulnerability Database (EUVD), and Japanese Vulnerability Notes (JVN). These integrations enrich and normalize vulnerability records in ServiceNow, enabling more accurate impact assessments, improved risk scoring, and effective remediation planning. The integrations specifically collect data from EUVD and JVN and feed it into the ServiceNow AI Platform® and Vulnerability Response application.
Key Features
- Data Enrichment and Normalization: Combines authoritative and commercial intelligence sources for consolidated vulnerability insights.
- Integration with Vulnerability Response: Maps Common Vulnerabilities and Exposures (CVE) vulnerabilities to enhance data quality and prioritization.
- Manual Activation Required: Neither the EUVD nor the JVN integration is enabled by default; each must be activated manually.
- Scheduled Runs: EUVD integration runs on demand, while JVN runs daily once activated, ensuring up-to-date vulnerability data.
- Data Processing: Uses a custom Import Set and Processor Script framework to convert raw API responses into normalized vulnerability entries in ServiceNow tables.
- Vulnerability Representation: Imported vulnerabilities reference source libraries in the sn_vul_nvd_entry table, along with related software and references for JVN data.
- CVSS Mapping: CVSS scoring details are accurately mapped by version (v2, v3, or v4) to support risk assessment.
Practical Usage and Important Considerations
- Run the integration during Vulnerability Response initial setup prior to importing data from third-party scanners to ensure normalized and enriched vulnerability records.
- Each integration record has a configured run-as user (default: VIF.System) which should not be changed.
- Check entitlements to confirm plugin access on production instances.
- EUVD integration does not support delta processing and is recommended to be run weekly.
- JVN integration runs automatically daily once activated.
- Both integrations focus on CVE-based information and do not ingest Common Platform Enumeration (CPE) or Common Weakness Enumeration (CWE) data, limiting software matching and weakness classification.
Getting Started
- Verify that the Integrations for Central Vulnerability Database application is installed in your instance.
- Activate the EUVD and/or JVN integration manually before running data imports.
- Perform an initial import to confirm successful ingestion of vulnerability data.
- Monitor and manage integration runs via the integration records, accessible by searching for sn_vul_int_fw_integration.LIST in the navigation bar.
The Central Vulnerability Database supports integration with trusted global vulnerability data sources, including the National Vulnerability Database, European Union Vulnerability Database (EUVD), and Japanese Vulnerability Notes (JVN), to enrich and normalize vulnerability records.
By consolidating multiple authoritative and commercial intelligence sources, the Central Vulnerability Database enables more accurate impact assessment, improved risk scoring, and more effective remediation planning from the outset.
The Integrations for Central Vulnerability Database collects data from EUVD and JVN and makes it available to the ServiceNow AI Platform®. It integrates with Vulnerability Response to map CVE vulnerabilities, enriching the data in your instance.
Run this integration as part of the initial setup of Vulnerability Response, before importing data from third-party scanner products, to verify that vulnerabilities are normalized, enriched with external intelligence, and appropriately prioritized at the time of ingestion.
After installation, the EUVD and JVN integrations aren't enabled by default. Each integration must be manually activated before it can begin collecting data. The EUVD integration runs on demand, while the JVN integration runs daily after it is marked as active. These scheduled and on-demand runs help keep the instance synchronized with external vulnerability data sources and support the vulnerability remediation life cycle.
Imported vulnerability data
In your ServiceNow AI Platform® instance, each vulnerability imported through the EUVD integration is represented as a vulnerability entry sourced from European Union Vulnerability Data and Japan Vulnerability Notes. The integration uses a custom Import Set and Processor Script framework to ingest, parse, and transform raw EUVD and JVN API responses into normalized vulnerability records within ServiceNow.
Vulnerability entries created or updated in the instance reference EUVD and JVN vulnerability records, where each imported vulnerability is represented by a vulnerability entry in the source libraries of the NVD [sn_vul_nvd_entry] table. The EUVD and JVN integrations don't ingest Common Platform Enumeration (CPE) or Common Weakness Enumeration (CWE) data. As a result, vulnerability records and any associated vulnerable items derived from EUVD and JVN data are limited to CVE-based information and don't support CPE-based software matching or CWE-based weakness classification.
The EUVD integration imports vulnerability entries and reference information into the sn_vul_nvd_entry, sn_vul_m2m_entry_cve, and sn_vul_reference tables.
The JVN integration retrieves vulnerability data in XML format, converts it to JSON within the integration layer, and processes the transformed data using a processor script. Vulnerability entries and related data are populated into the sn_vul_nvd_entry, sn_vul_software, sn_vul_m2m_entry_software, sn_vul_m2m_entry_cve, and sn_vul_reference tables. This enables the creation of structured vulnerability records along with relationships to affected software and external references.
Vulnerability Identifiers (VIs) created or updated in your instance reference EUVD and JVN vulnerability entries. CVSS details are mapped based on the version provided (v2, v3, or v4), ensuring accurate scoring and vector representation for each vulnerability record.
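The version-based CVSS mapping described above can be sanity-checked at ingestion time. The following is an added example, not ServiceNow's processor script: it routes each CVSS metric to a version-specific field based on the shape of the vector string and flags entries whose declared version disagrees with it. The input shape, the output field names, and the CVE IDs are constructed for illustration.

```javascript
// Added example. Input shape, output keys and CVE IDs are constructed for
// illustration; they are not the EUVD/JVN response schema or ServiceNow columns.
// Vector shape per CVSS major version. v2 vectors carry no "CVSS:" prefix.
const SHAPE = {
  4: /^CVSS:4\.0\//,
  3: /^CVSS:3\.[01]\//,
  2: /^AV:[LAN]\/AC:[HML]\/Au:[MSN]\//,
};
// Infer the major version from the vector string alone; null if unrecognized.
function versionFromVector(vector) {
  for (const major of [4, 3, 2]) {
    if (SHAPE[major].test(String(vector))) return major;
  }
  return null;
}

// Map one entry's CVSS metrics into version-specific fields, collecting warnings.
function mapCvss(entry) {
  const out = { cve: entry.cve, warnings: [] };
  for (const m of entry.cvss || []) {
    const inferred = versionFromVector(m.vector);
    const declared = parseInt(m.version, 10); // "3.1" -> 3, missing -> NaN
    const score = parseFloat(m.score);
    if (inferred === null) {
      out.warnings.push(`unrecognized vector: ${m.vector}`);
      continue;
    }
    if (!(score >= 0 && score <= 10)) {
      out.warnings.push(`score out of range: ${m.score}`);
      continue;
    }
    if (!Number.isNaN(declared) && declared !== inferred) {
      out.warnings.push(`declared v${m.version}, vector is v${inferred}`);
    }
    // The vector's own shape decides the target field, not the declared label.
    out[`cvss_v${inferred}_score`] = score;
    out[`cvss_v${inferred}_vector`] = m.vector;
  }
  return out;
}

const SAMPLE = [ // constructed entries
  { cve: 'CVE-0000-0001', cvss: [
    { version: '2.0', score: '7.5', vector: 'AV:N/AC:L/Au:N/C:P/I:P/A:P' },
    { version: '3.1', score: '9.8', vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H' } ] },
  { cve: 'CVE-0000-0002', cvss: [ // label says v3.1, vector is v4.0
    { version: '3.1', score: '9.3', vector: 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N' } ] },
];
console.log(JSON.stringify(SAMPLE.map(mapCvss), null, 2));
```

A non-empty `warnings` array on a mapped entry is the signal to review the source record before relying on its score for prioritization.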
Initial import of vulnerability data
To initialize vulnerability data using the EUVD or JVN integrations, perform an initial import and verify successful data ingestion.
- Perform an initial import of vulnerability data with the EUVD or JVN integration. By default, vulnerability updates run On Demand for EUVD and Daily for JVN from the integration record; you can configure these as needed.
- Verify that the Integrations for Central Vulnerability Database application is installed, and that an initial vulnerability data import from either the ENISA EUVD Integration or the JVN Integration is successful.
Locating the Integrations for Central Vulnerability Database
To view the Integrations for Central Vulnerability Database, type sn_vul_int_fw_integration.LIST in the Navigation Search bar and press Enter.
The following integrations are included in the base system:
| Integration | Description |
|---|---|
| EUVD Integration | Retrieves vulnerability data from European Union Vulnerability Data (EUVD). This integration is inactive by default and does not support delta processing, so run it once per week. |
| JVN Integration | Retrieves vulnerability data from Japanese Vulnerability Notes (JVN). This integration is set to run daily and is inactive by default. |