Vulnerability Lookup

The vulnerability lookup page is a view that allows the user to search for both Sonatype-proprietary and CVE vulnerabilities that Sonatype has data for and obtain in-depth details about them in real time.

There are two ways to access this page: directly from the navigation bar using the Vulnerability Lookup link (denoted by the microscope icon), or by clicking on the vulnerabilities identified in the Vulnerability List Report.

When you arrive here from a link in the Vulnerability List Report, the page shows the result of searching for that particular vulnerability.

The page consists of two sections: the search box and the vulnerability details.

The Lookup

Vulnerability lookup is an exact-match search that takes a vulnerability ID as input.

Find will send a request to our data services and return the latest information we have about a vulnerability. The vulnerability need not have been already identified in any of your applications or repositories scanned by IQ Server.

The Vulnerability Details

Once a lookup is performed with a valid vulnerability ID, or if coming directly from a link in the Vulnerability List Report, the page will show the details corresponding to that particular vulnerability.

Within these results, the user can find detailed information about a vulnerability, such as an explanation of what comprises the vulnerability, relevant links to more information, severity scores, detection, recommendations, and whether or not the entry has gone through Fast Track or Deep Dive research.

Anonymous Vulnerability Lookup

You can look up a vulnerability without logging in.

A link to the vulnerability lookup page is now provided in the Login dialog.

When a lookup is performed anonymously, the provided vulnerability information is limited to the following vulnerability details:

  • Issue

  • Severity

  • Source

  • Explanation

  • CVSS Details
