Vulnerability Lookup
Overview
The vulnerability lookup page is a view that allows the user to search for both Sonatype-proprietary and CVE vulnerabilities that Sonatype has data for and obtain in-depth details about them in real-time.
There are two ways to access this page: directly from the navigation bar using the Vulnerability Lookup link (denoted by the microscope icon), or by clicking on the vulnerabilities identified in the Vulnerability List Report .
When coming here from a link in the Vulnerability List Report the page will show the result of searching for that particular vulnerability.
The page is comprised of two sections: the search box and the vulnerability details.
The Lookup
Vulnerability lookup is an exact match search using vulnerability ID as an input.
Find will send a request to our data services and return the latest information we have about a vulnerability. The vulnerability need not have been already identified in any of your applications or repositories scanned by IQ Server.
The Vulnerability Details
Once a lookup is performed with a valid vulnerability ID, or if coming directly from a link in the Vulnerability List Report, the page will show the details corresponding to that particular vulnerability.
Within these results, the user can find detailed information about a vulnerability, such as an explanation of what comprises the vulnerability, relevant links to more information, severity scores, detection, recommendations, and whether or not the entry has gone through Fast Track or Deep Dive research.
Anonymous Vulnerability Lookup
As of IQ release 75 you can look up a vulnerability without logging in.
A link to the vulnerability lookup page is now provided in the Login dialog:
When a lookup is performed anonymously, the provided vulnerability information is limited to the following vulnerability details:
- Issue
- Severity
- Source
- Explanation
- CVSS Details