common vulnerabilities and exposures (security) (CVE)

Common Vulnerabilities and Exposures (CVE) is a directory of commonly known vulnerabilities in computer systems used in Vulnerability Management( VM), IPS systems and IDS systems, alerting systems, and the National Vulnerability Database (NVD). Funded by the United States Department of Homeland Security, the CVE Directory is managed by the MITRE Corporation in collaboration with various educational institutions, government agencies, and corporations.

The CVE directory offers the advantage that companies and institutions can exchange information about security vulnerabilities. From the designation it follows that it concerns on the one hand Vulnerability, thus susceptibilities, vulnerabilities and weak points, on the other hand around Exposures. In this context, these are understood to be system configurations or errors in the software that serve as a stepping stone for the attacker and enable him to penetrate the systems and undermine the existing security policy.

Common Vulnerabilities and Exposures recognizes CVE Identifiers, also referred to as CVE Names, CVE Numbers or CVE-IDs, which are used to uniquely identify commonly known vulnerabilities. The CVE-IDs have the status "Entry" or "Candidate". Entry status indicates that the CVE ID has been accepted by the CVE list, while Candidate status indicates that the CVE ID will be monitored further before being added to the CVE list.

Each CVE identifier consists of an identification number, the status indicator, a brief description of the vulnerability, and a matching reference.