Modify the vulnerability assessment record

  • Release version: Zurich
  • Updated March 12, 2026
  • Update the Vulnerability Assessment record after its creation. Based on the field values, you can calculate the risk score.

    Before you begin

    Role required: sn_vul_analyst.vul_event_manager

    About this task

    After the primary CVE is added to the vulnerability assessment, the record is moved to a Pending Assessment state. You can add other related CVEs in the Vulnerability Entries tab or add the products affected by this vulnerability from the Affected Products tab. You can make further modifications to the Risk Assessment fields, and the Risk Score for the assessment record is automatically updated accordingly. You can add or modify the CI filter to control which configuration items are collected in the next assessment run.

    Procedure

    1. Navigate to All > Vulnerability Assessment Workspace > Vulnerability Assessment.
    2. On the Details tab, update the fields.
      | Field | Description |
      | --- | --- |
      | Title | Title describing the vulnerability event record. |
      | Primary CVE | Primary CVE which you associated with the event record. |
      | State | Current state of the event record. |
      | Priority | Priority of the event record on a scale of 1-5. Note: When you change the priority of a vulnerability assessment (VA), the system automatically updates the priority of all associated VITs and AVITs with source ServiceNow. If a VIT or AVIT is linked to multiple assessments, the system assigns the minimum priority value (highest severity) from all linked assessment records. |
      | Alert Source | Source of the potential vulnerability event. |
      | Risk Score | Auto-calculated risk score. Not editable by default. |
      | Exposure-level | The exposure level of the vulnerability event on a scale of 1-5. |
      | Assignment Group | The assignment group to whom the event record is assigned. |
      | Assigned To | The user the event record is assigned to. |
      | Description | Detailed description of the event record. |
      | CI Filter | Optional condition builder that filters the CIs collected during assessment using fields from the CI [cmdb_ci] table. |
    3. Navigate to the Vulnerability Entries tab to add associated or related CVEs.
      1. Select New.
      2. Search for the record in the Vulnerability entry field.
      3. Select the vulnerability record you want to associate with the assessment record.
      4. Optional: Select Browse to browse and attach a file.
      5. Select Save.
      The vulnerability records you selected are added to the assessment record and are displayed in the Vulnerability Entries tab.
    4. Optional: Add affected products.
    5. Add a related link to the assessment record.
    6. Modify the Risk Attributes for the primary CVE associated with the vulnerability assessment event record.
      | Field | Description |
      | --- | --- |
      | Memory corruption | Indicates whether this event record can corrupt memory. |
      | Remote code executable | Indicates if remote code execution is possible. |
      | Local privilege escalation | Indicates if a local privilege escalation vulnerability exists. |
      | Unauthorised access | Indicates if an unauthorised access vulnerability exists. |
      | DDOS | Indicates if the potential event could involve Distributed Denial of Service. |
      | Attack Complexity | Indicates the complexity of the attack. Options are Low, Medium, or High. |
      | Attack vector | Indicates the potential pathway or method of attack. Options are Network, Adjacent network, Local, Physical, None. |
      | Privileges required | Indicates the level of privileges an attacker requires to exploit the vulnerability. Options are None, Low, or High. |
      | User interaction | Indicates whether or not user interaction is needed to exploit the vulnerability. |
      | Confidentiality impact | Indicates the measure of the potential impact on confidentiality of the vulnerability. Options are None, Low, or High. |
      | Scope change | Indicates if the scope of the assessment has changed. |
      | Availability impact | Indicates the potential impact to availability of a successfully exploited misuse vulnerability. Availability refers to the accessibility of information resources. Options are None, Low, or High. |
      | Integrity impact | Indicates the potential impact to integrity of a successfully exploited misuse vulnerability. Integrity refers to the trustworthiness and guaranteed veracity of information. Options are None, Low, or High. |
      | Remediation level | Indicates the status or availability of remediation for the vulnerability. Options are Official Fix, Temporary Fix, Workaround, Unavailable, Not defined. |
      | Exploit code maturity | Indicates the likelihood of the vulnerability being exploited based on the existing state of exploit techniques and code availability. Options are Unproven, Proof-of-concept, Functional, High, and Not defined. |
      | Report confidence | Indicates how confident you are that the vulnerability exists. |
    7. Enter relevant comments in the Compose field.
      • Enter your work notes in the Work notes (Private) field.
      • Enter your comments (visible to everyone) in the Comments field.
    8. Save the assessment record.
      Based on the updates you made to the Risk attribute fields for the primary CVE or the affected product associated with the assessment record, the Risk score field is automatically updated.
      Note:
      To modify the base system risk score calculator rules or criteria, navigate to All > Vulnerability Assessment Calculators > Vulnerability Assessment Risk Calculator > Vulnerability Assessment Risk Rule. You can add criteria and modify the field level weightage to existing criteria as needed.

    What to do next

    Perform an initial assessment of the event record.
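
    The priority rule from the Priority note in step 2, modeled as an added example (not ServiceNow code or schema): plain JavaScript objects stand in for assessments, VITs, and AVITs, and the field names id, source, priority, and assessments are assumptions. It shows why lowering the severity of one assessment does not always lower the priority of an item that is linked to several.

```javascript
// Added example: plain objects stand in for platform records. Field names
// (id, source, priority, assessments) are hypothetical, not ServiceNow schema.

// Constructed sample data. Priority 1 is the most severe, 5 the least.
function sampleData() {
  return {
    assessments: { VA1: { priority: 3 }, VA2: { priority: 2 }, VA3: { priority: 4 } },
    items: [
      { id: 'VIT1', source: 'ServiceNow', priority: 3, assessments: ['VA1'] },
      { id: 'VIT2', source: 'ServiceNow', priority: 2, assessments: ['VA1', 'VA2'] },
      { id: 'AVIT1', source: 'ServiceNow', priority: 4, assessments: ['VA3'] },
      { id: 'VIT3', source: 'Scanner', priority: 5, assessments: ['VA1'] },
    ],
  };
}

// Apply a priority change to one assessment and return the item updates it causes.
function changeAssessmentPriority(data, vaId, newPriority) {
  if (!Number.isInteger(newPriority) || newPriority < 1 || newPriority > 5) {
    throw new RangeError('priority must be an integer from 1 to 5');
  }
  if (!(vaId in data.assessments)) throw new Error(`unknown assessment ${vaId}`);
  data.assessments[vaId].priority = newPriority;

  const changes = [];
  for (const item of data.items) {
    // Only items with source ServiceNow that are linked to this assessment follow it.
    if (item.source !== 'ServiceNow' || !item.assessments.includes(vaId)) continue;
    // Linked to several assessments: the minimum value (highest severity) wins.
    const effective = Math.min(
      ...item.assessments.map((id) => data.assessments[id].priority)
    );
    if (effective !== item.priority) {
      changes.push({ id: item.id, from: item.priority, to: effective });
      item.priority = effective;
    }
  }
  return changes;
}

const demo = sampleData();
console.log(changeAssessmentPriority(demo, 'VA1', 1)); // raise VA1 severity
console.log(changeAssessmentPriority(demo, 'VA1', 5)); // lower it again
```

    In the second call the item linked to both VA1 and VA2 settles at the priority of VA2 rather than following VA1 down to 5, which is the case to check for when an item's priority does not match the assessment you just edited.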

    Delete associated CVEs or affected products from the vulnerability assessment record

    Delete a vulnerability event record if it is no longer required.

    Before you begin

    Role required: sn_vul_analyst.vul_event_manager

    About this task

    You can delete CVEs or affected products associated with the vulnerability assessment record. You can only delete vulnerability entries (associated CVEs) or affected products if they are in the New or Pending Assessment state.

    Procedure

    1. Navigate to All > Workspaces > Vulnerability Assessment.
    2. Select the vulnerability assessment record.
    3. Select the Vulnerability Entries tab or the Affected Products tab.
    4. Select the associated CVE or the affected product record.
    5. Select Delete.
      Note:
      The Delete button is displayed for an assessment record only when it is in the New or Pending Assessment state.