- July 12, 2023: Moved page to the Reports section and updated to reflect the new Vulnerability Catalog report.
- October 10, 2022: Workflow updated for Insurance and National Cybersecurity to get notification emails of newly added vulnerabilities.
- November 12, 2021: Added navigational instructions for the TPRM application.
The Vulnerability Catalog report surfaces all vulnerabilities that are tracked in the Bitsight platform. It includes:
- A catalog of vulnerabilities and their details.
- Remediation instructions. Prominent vulnerabilities have a Common Vulnerabilities and Exposures (CVE) ID. Use this ID in web searches or in the National Vulnerability Database (NVD) for more information about the vulnerability in question.
Available in the Findings and Infrastructure section of the Reports page.
Vulnerability Details
The report can include the following information:
| Field | Description |
|---|---|
| Name | Prominent vulnerabilities have a Common Vulnerabilities and Exposures (CVE) ID. Use this ID in web searches or in the National Vulnerability Database (NVD) for more information about the vulnerability in question. |
| Bitsight Severity | The Bitsight severity [of a vulnerability], based on the CVSS v3 base score. Learn more about the difference between Bitsight Severity and the CVSS scoring models. |
| Classification | The detection status of the vulnerability. |
| Support Started | Date when coverage for this vulnerability started. |
| Companies Impacted | The number of companies in your portfolio that are affected by the vulnerability. Click on this field to view your portfolio. |
| Description | A description of the vulnerability. |
| Remediation | Remediation instructions (if available). |