Vulnerability Lookup
The vulnerability lookup view allows the user to search for Sonatype-proprietary and CVE vulnerabilities.
There are two ways to access this page: directly from the navigation bar, or by clicking on a vulnerability identified in the Vulnerabilities List.
The Vulnerability List Report will show the result of searching for that particular vulnerability.
The page consists of two sections: the search box and the vulnerability details.
Vulnerability lookup is an exact-match search that takes a vulnerability ID as input.
Find will send a request to our data services and return the latest information we have about a vulnerability. The vulnerability need not have been already identified in any of your applications or repositories scanned by IQ Server.
CVEs not found in Sonatype data
Our vulnerability search feature is used to search for vulnerabilities that exist in components we have ingested into our data. It is not a general lookup for all CVEs reported on the National Vulnerability Database (NVD).
The search will not show vulnerabilities for components we have not ingested.
The Vulnerability Details
Once a lookup is performed with a valid vulnerability ID, or if coming directly from a link in the Vulnerability List Report, the page will show the details corresponding to that particular vulnerability.
Within these results, the user can find detailed information about a vulnerability, such as an explanation of what comprises the vulnerability, relevant links to more information, severity scores, detection, recommendations, and whether or not the entry has gone through Fast Track or Deep Dive research.
Anonymous Vulnerability Lookup
You can look up a vulnerability without logging in.
A link to the vulnerability lookup page is now provided in the Login dialog.
When a lookup is performed anonymously, the provided vulnerability information is limited to the following vulnerability details:
Issue
Severity
Source
Explanation
CVSS Details