Searching the Amazon Inspector vulnerability database - Amazon Inspector

Searching the Amazon Inspector vulnerability database

You can search the Amazon Inspector vulnerability database for common vulnerabilities and exposures (CVEs). Amazon Inspector uses information from the vulnerability database to produce details related to a CVE ID. You can view these details on the CVE details screen. Amazon Inspector tracks and produces findings for software vulnerabilities in the vulnerability database. Amazon Inspector only supports CVEs with platforms listed in the Detection Platforms section of the CVE details screen. This section describes how to search the Amazon Inspector vulnerability database using a CVE ID.

Note

Currently, CVE search doesn't support Microsoft Windows.

Searching the vulnerability database

This section describes how to search the vulnerability database in the console and with the Amazon Inspector API.

Note

You must activate Amazon Inspector in your current AWS Region before you can search the vulnerability database.

Console
  1. Sign in using your credentials, and then open the Amazon Inspector console at https://console.aws.amazon.com/inspector/v2/home

  2. From the navigation pane, choose Vulnerability database search.

  3. In the search bar, enter a CVE ID, and choose Search.

API

Run the Amazon Inspector SearchVulnerabilities API, and provide a single CVE ID as filterCriteria in the following format: CVE-<year>-<ID>.
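The following Python sketch is an added example, not code from the Amazon Inspector documentation. It validates a CVE ID against the format above, builds the single-ID request, and reduces a returned record to triage fields, including the empty detection platforms case described under CVE details. The boto3 `inspector2` client call and the response field names (`vendorSeverity`, `cvss3`, `epss`, `detectionPlatforms`, `cisaData`) are assumed from the SearchVulnerabilities API reference; the sample record and its CVE ID are constructed placeholders.

```python
import re

# CVE-<year>-<ID>: four-digit year, then an ID of four or more digits.
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

def build_request(cve_id):
    """Validate a CVE ID and build SearchVulnerabilities parameters."""
    cve_id = cve_id.strip().upper()
    if not CVE_RE.match(cve_id):
        raise ValueError(f"not in CVE-<year>-<ID> format: {cve_id!r}")
    # The page says to provide a single CVE ID, so the list holds one entry.
    return {"filterCriteria": {"vulnerabilityIds": [cve_id]}}

def summarize(vuln):
    """Reduce one returned vulnerability record to triage fields."""
    platforms = vuln.get("detectionPlatforms") or []
    cisa = vuln.get("cisaData") or {}
    return {
        "id": vuln["id"],
        "severity": vuln.get("vendorSeverity"),
        "cvss3": (vuln.get("cvss3") or {}).get("baseScore"),
        "epss": (vuln.get("epss") or {}).get("score"),
        # Empty detection platforms: Inspector does not detect this CVE,
        # so the absence of findings says nothing about exposure.
        "detected_by_inspector": bool(platforms),
        "platforms": platforms,
        "in_cisa_kev": bool(cisa),
        "kev_due": cisa.get("dateDue"),
    }

def search(cve_id, region):
    """Call the API; needs boto3, credentials, and Inspector active in region."""
    import boto3  # imported here so the helpers above run offline
    client = boto3.client("inspector2", region_name=region)
    resp = client.search_vulnerabilities(**build_request(cve_id))
    return [summarize(v) for v in resp.get("vulnerabilities", [])]

# Constructed sample record (placeholder values, not real API output).
SAMPLE = {
    "id": "CVE-2099-0001",
    "vendorSeverity": "HIGH",
    "cvss3": {"baseScore": 7.5},
    "epss": {"score": 0.02},
    "detectionPlatforms": [],
    "cisaData": {"action": "Apply updates", "dateDue": "2099-02-01"},
}

if __name__ == "__main__":
    print(build_request("cve-2099-0001"))
    print(summarize(SAMPLE))
```

A record that is in the CISA catalog but has no detection platforms, as in the constructed sample, is the case to flag for coverage by another scanner or a manual check.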

Understanding CVE details

This section describes how to interpret the CVE details page.

CVE details

The CVE details section includes the following information:

  • CVE description and ID

  • CVE Severity

  • Common Vulnerability Scoring System (CVSS) and Exploit Prediction Scoring System (EPSS) scores

  • Detection platforms

    Note

    If this field is empty, Amazon Inspector doesn't support detection for your CVE ID.

  • Common Weakness Enumeration (CWE)

  • Vendor created and updated dates

Vulnerability intelligence

The vulnerability intelligence section provides threat intelligence data like exploit targets and the last known public exploit date.

It also provides data from the Cybersecurity and Infrastructure Security Agency (CISA), which includes the remediation action, the date the CVE was added to the Known Exploited Vulnerability catalog, and the date and time by which CISA expects federal agencies to remediate the CVE.

References

The references section provides links to resources for more information about the CVE.