CVE Tab

CVEs serve as the primary source for vulnerability management by identifying potential vulnerabilities. As a standard practice, F5 discloses security vulnerabilities and exposures related to its products so that their impact on devices can be assessed. AppViewX, in turn, collects details of these Common Vulnerabilities and Exposures (CVEs) on a daily basis and maintains a CVE database within its platform. Currently, the source of information for AppViewX is the CVE Mitre site, where publicly disclosed information about security vulnerabilities and exposures can be obtained.

All the collected CVEs and their impact on F5 versions are cross-verified against the F5 devices managed in the inventory. AppViewX then proceeds to publish the vulnerabilities in the form of reports, providing valuable insights on the affected devices. The CVE summary report provides an overview of the number of CVEs detected across all F5 devices, categorizing them by severity (such as critical, high, medium, and low). Based on the severity of these CVEs, the overall risk summary of the ADC infrastructure is calculated. In this specific data set, the risk rating falls within grade D, as indicated here.

Each AppViewX grade, from A to D, has a predefined definition. The legend provided explains the logic behind these grades. For example, if there are 5 or fewer High CVEs, it falls under Grade A, which represents the safest grade. With 10 High CVEs, the grade would be B, while 30 would fall under Grade C. Anything beyond that would be classified as Grade D. It's important to note that this logic can be customized according to specific requirements. This report provides valuable insights into the security posture of your infrastructure.
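The cross-check and grading described above can be sketched as follows. This is an added example, not AppViewX code: the CVE records, device names and version ranges are constructed, the grade bounds are one assumed reading of the legend (at most 5, 10 and 30 High CVEs for A, B and C), and counting distinct CVEs rather than device/CVE pairs is also an assumption.

```python
from collections import Counter

# Constructed records: IDs are placeholders, not real CVEs. "affected" is an
# inclusive (min, max) version range; "fixed" is the recommended version.
CVE_DB = [
    {"id": f"CVE-EXAMPLE-{i:04d}", "severity": "High",
     "affected": ("14.0.0", "14.1.4"), "fixed": "15.1.0"}
    for i in range(1, 8)
] + [
    {"id": "CVE-EXAMPLE-0008", "severity": "Critical",
     "affected": ("13.1.0", "14.1.4"), "fixed": "15.1.0"},
    {"id": "CVE-EXAMPLE-0009", "severity": "Medium",
     "affected": ("15.0.0", "15.1.0"), "fixed": "15.1.1"},
]
# Constructed inventory (hypothetical device names).
INVENTORY = [{"name": "adc-lab-01", "version": "14.1.2"},
             {"name": "adc-lab-02", "version": "15.1"}]

# Assumed reading of the legend: upper bound on the High count per grade.
GRADE_BOUNDS = [(5, "A"), (10, "B"), (30, "C")]

def parse_version(text):
    """'15.1' -> (15, 1, 0): pad so short and long forms compare equal."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(device_version, cve):
    low, high = (parse_version(v) for v in cve["affected"])
    return low <= parse_version(device_version) <= high

def findings(inventory, cve_db):
    """Every (device name, CVE record) pair where the device version is in range."""
    return [(d["name"], c) for d in inventory for c in cve_db
            if is_affected(d["version"], c)]

def severity_summary(found):
    """Count distinct CVEs per severity across all devices."""
    return Counter({c["id"]: c["severity"] for _, c in found}.values())

def grade(high_count):
    for bound, letter in GRADE_BOUNDS:
        if high_count <= bound:
            return letter
    return "D"

def risk_report(inventory, cve_db):
    summary = severity_summary(findings(inventory, cve_db))
    return summary, grade(summary["High"])
```

Running `risk_report` again on the inventory after a version change shows which findings cleared and which CVEs still match the new version.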

You will receive a comprehensive report that includes detailed information about each CVE, along with remediation recommendations, so that you have a clear understanding of the vulnerabilities and guidance on how to address them effectively. For each CVE, the report lists the CVE name, its score, the affected version, and the recommended version with the available fix. Let's consider one specific CVE as an example. This CVE concerns the xxx issue, and F5 recommends upgrading to version 15.x to resolve it. AppViewX offers a closed-loop remediation option to seamlessly perform this upgrade on the F5 devices in a quick and simplified manner. After the upgrade, the device's version will be updated from 14 to 15, ensuring that the device is free of vulnerabilities.