Common Vulnerabilities and Exposures (CVE)

Revision as of 04:30, 20 January 2021 by User

Common Vulnerabilities and Exposures (CVE®) is a list of records—each containing an identification number, a description, and at least one public reference—for publicly known cybersecurity vulnerabilities. CVE Records are used in numerous cybersecurity products and services from around the world, including the U.S. National Vulnerability Database (NVD).[1]

CVE stands for Common Vulnerabilities and Exposures. It is a program launched in 1999 by MITRE, a nonprofit that operates research and development centers sponsored by the federal government, to identify and catalog vulnerabilities in software or firmware into a free “dictionary” for organizations to improve their security. The dictionary’s main purpose is to standardize the way each known vulnerability or exposure is identified. Standard IDs allow security administrators to access technical information about a specific threat across multiple CVE-compatible information sources.[2]


How does the CVE system work?[3]
CVE is overseen by the MITRE corporation with funding from the Cybersecurity and Infrastructure Security Agency, part of the U.S. Department of Homeland Security.

CVE entries are brief. They don’t include technical data, or information about risks, impacts, and fixes. Those details appear in other databases, including the U.S. National Vulnerability Database (NVD), the CERT/CC Vulnerability Notes Database, and various lists maintained by vendors and other organizations. Across these different systems, CVE IDs give users a reliable way to tell one unique security flaw from another.
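The cross-referencing described above, as an added example that is not taken from the cited sources: a short Python script that uses the CVE ID as the join key between a brief CVE-style list, a severity database and a vendor advisory. The feed names, records and CVE-2099 IDs are constructed for illustration; the ID pattern (CVE, a four-digit year, then four or more digits) is the CVE ID syntax.

```python
import re
from collections import defaultdict

# CVE ID syntax: "CVE", a 4-digit year, then a sequence number of 4+ digits.
# Unicode dashes (U+2010..U+2015) are accepted: copied advisories often contain them.
_DASH = "[-\u2010-\u2015]"
CVE_RE = re.compile(rf"\bCVE{_DASH}(\d{{4}}){_DASH}(\d{{4,}})\b", re.IGNORECASE)

def extract_cve_ids(text):
    """Return canonical CVE IDs found in text, first-seen order, no duplicates."""
    seen = []
    for year, seq in CVE_RE.findall(text):
        if int(year) < 1999:  # the CVE program launched in 1999
            continue
        cve_id = f"CVE-{year}-{seq}"
        if cve_id not in seen:
            seen.append(cve_id)
    return seen

def correlate(feeds):
    """Map each CVE ID to {source name: [records that mention it]}."""
    index = defaultdict(lambda: defaultdict(list))
    for source, records in feeds.items():
        for record in records:
            for cve_id in extract_cve_ids(record):
                index[cve_id][source].append(record)
    return {cve_id: dict(by_source) for cve_id, by_source in index.items()}

def missing_from(index, source):
    """CVE IDs that no record from the given source mentions."""
    return sorted(c for c, by_source in index.items() if source not in by_source)

# Constructed sample data: IDs, products and wording are invented.
FEEDS = {
    "cve_list": [
        "CVE-2099-0001: Buffer overflow in ExampleServer 1.x. Ref: https://example.com/adv/1",
        "CVE-2099-12345: Improper authentication in ExampleCMS. Ref: https://example.com/adv/2",
    ],
    "severity_db": ["cve-2099-0001 base score 9.8, network vector, fixed in 1.4.2"],
    "vendor_advisory": [
        "ESA-7: fixes CVE\u20112099\u20110001 and CVE-2099-12345; upgrade to 1.4.2 / 3.0.1",
    ],
}

if __name__ == "__main__":
    index = correlate(FEEDS)
    for cve_id in sorted(index):
        print(cve_id, "->", sorted(index[cve_id]))
    print("no severity data:", missing_from(index, "severity_db"))
```

Normalizing case and dash characters before joining matters in practice: without it, the same flaw written as `cve-2099-0001` in one feed and `CVE-2099-0001` in another would be counted as two different entries.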


The Goal of CVE[4]
The goal of CVE is to make it easier to share information about known vulnerabilities across organizations.

CVE does this by creating a standardized identifier for a given vulnerability or exposure. CVE identifiers or CVE names allow security professionals to access information about specific cyber threats across multiple information sources using the same common name.

For example, UpGuard is a CVE compatible product and its reports reference CVE IDs. This allows you to find fix information on any CVE compatible vulnerability database.

  1. Definition - What Does Common Vulnerabilities and Exposures (CVE) Mean? MITRE
  2. What is Common Vulnerabilities and Exposures (CVE)? CSO
  3. How does the CVE system work? Red Hat
  4. What is the goal of CVE? UpGuard