Vulnerability Lookup

New in release 67

Overview

The Vulnerability Lookup page is a view in the application that lets the user search for both Sonatype-proprietary vulnerabilities and CVE vulnerabilities that Sonatype has data for, and obtain our in-depth details about them in real time.

There are two ways to access this page: directly from the navigation bar using the Vulnerability Lookup link (denoted by the magnifying glass icon), or by clicking on the vulnerabilities identified in the Vulnerability List Report.

When you arrive from a link in the Vulnerability List Report, the page shows the result of searching for that particular vulnerability.

The page consists of two sections: the search box and the vulnerability details.

The Input Box

Vulnerability lookup is an exact match search using vulnerability ID as an input.

Find sends a request to our data services and returns the latest information we have about a vulnerability. The vulnerability need not have been already identified in any of your applications or repositories scanned by IQ Server.

The Vulnerability Details

Once a lookup is performed with a valid vulnerability ID, or if coming directly from a link in the Vulnerability List Report, the page will show the details corresponding to that particular vulnerability.

Within these results the user can find detailed information about a vulnerability, such as an explanation of what comprises the vulnerability, relevant links to more information, severity scores, detection and recommendations.

Anonymous Vulnerability Lookup

NEW IN RELEASE 75

As of IQ release 75, you can look up a vulnerability without logging in.

A link to the vulnerability lookup page is now provided in the Login dialog.

When a lookup is performed anonymously, the provided vulnerability information is limited to the following vulnerability details:

  • Issue
  • Severity
  • Source
  • Explanation
  • CVSS Details