Amazon Inspector vulnerability database search - Amazon Inspector
Searching the vulnerability databaseUnderstanding CVE details
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon Inspector vulnerability database search

You can search the Amazon Inspector vulnerability database for common vulnerabilities and exposures (CVEs). Amazon Inspector uses information from the vulnerability database to produce details related to a CVE ID. You can access these details in a CVE details page.

This section describes how to search the Amazon Inspector vulernability database using a CVE ID and interpet the CVE details page. For information about findings, see Understanding findings.

Amazon Inspector tracks and produces findings for software vulnerabilities in the vulnerability database. Amazon Inspector only supports CVEs with platforms listed in the Detection Platforms section of the CVE details page.

Note

Currently, CVE search doesn't support Microsoft Windows.

Searching the vulnerability database

This section describes how to search the vulnerability database in the console and with the Amazon Inspector API.

Note

You must activate Amazon Inspector in your current Amazon Web Services Region before you can search the vulnerability database.

Console

  1. Sign in using your credentials, and then open the Amazon Inspector console at https://console.amazonaws.cn/inspector/

  2. From the navigation pane, choose Vulnerability database search.

  3. In the search bar, enter a CVE ID, and choose Search.

API

Run the Amazon Inspector SearchVulnerabilities API, and provide a single CVE ID as filterCriteria in the following format: CVE-<year>-<ID>.

Understanding CVE details

This section descibes how to interpet the CVE details page.

CVE details

The CVE details section includes the following information:

  • CVE description and ID

  • CVE Severity

  • Common Vulnerability Scoring System (CVSS) and Exploit Prediction Scoring System (EPSS) scores

  • Detection platforms

    Note

    If this field is empty, Amazon Inspector doesn't support detection for your CVE ID.

  • Common Weakness Enumeration (CWE)

  • Vendor created and updated dates

Vulnerability intelligence

The vulnerability intelligence section provides threat intelligence data like exploit targets and the last known public exploit date.

It also provides data from the Cybersecurity and Infrastructure Security Agency (CISA), which includes the remediation action, date the CVE was added to the Known Exploited Vulnerability catalog, and date time CISA expects federal agencies to remediate the CVE.

References

The references section provides links to resources for more information about the CVE.