Vulnerability Search

You can search for a particular CVE The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. found in your scanned assets regardless of policies configured for your environment. The CVE Search page shows all the CVEs found in your onboarded environments.

Use Case

CVE Search allows you to find all workload assets affected by a CVE. The search results show all the occurrences of the searched CVE ID in the affected assets, with one result for each occurrence.

Note - If an asset has multiple occurrences of the searched CVE ID, the search results show each of the occurrences.

How it Works

CloudGuard scanners (AWP and Image Assurance) find the CVEs when scanning your environments and assets, for example, images or Virtual Machine instances.

Supported assets:

• Azure Collection of integrated cloud services that developers and IT professionals use to build, deploy, and manage applications through a global network of data centers managed by Microsoft®. Virtual Machines, FunctionApps

• AWS Amazon® Web Services. Public cloud platform that offers global compute, storage, database, application and other cloud services. EC2 Amazon EC2 - A web service for launching and managing Linux/UNIX and Windows Server instances in Amazon data centers. instances

• Kubernetes Kubernetes, often abbreviated as “K8s”, orchestrates containerized applications to run on a cluster of hosts. images, workloads

• Container Registry A collection of repositories used to store and access container images. images

• ShiftLeft The ShiftLeft tool scans source code, containers and serverless functions, looking for vulnerabilities including those associated with the Log4j tool. This tool alerts the security and DevOps teams if any vulnerabilities are detected in the pre-build phase, ensuring that vulnerable code is not deployed. images

Searching

To search for a CVE:

1. Navigate to Workload Protection > Vulnerabilities > Vulnerability Search.

2. Enter the CVE ID in the search bar and click Search. CloudGuard shows all assets affected by the CVE and their information:

   • Affected asset (for example, a workload that runs the affected image), its type, name, and link to the page

   • Scanned asset (for example, an image scanned by the CloudGuard scanner), its type, and name

   • Package name and version

   • Environment where the vulnerability is found

   • Remediation for the vulnerability

3. To limit the search results by certain criteria, use the filter. For example, you can show only fixable vulnerabilities or only in a particular environment.

4. Click the CVE ID to see its details. CloudGuard shows this information in a sliding panel:

   • CVE severity (color and symbol)

   • Source

   • Description

   • Remediation (if applicable) - Remediation is the package version that you need to upgrade to.

   • Affected asset details

   • Containing package

00:03: This guide demonstrates how to search for a cve found in your Cloud assets. 00:08: From the menu. Select workload protection. 00:11: Navigate to the vulnerabilities section. 00:14: Select "Vulnerability search". 00:16: Type the cve ID and click "search". 00:19: View all the instances and assets where the cve was found. 00:23: Click one of the instances to access detailed information for the cve. 00:28: Click the menu to access additional options available for the cve. 00:33: The remediation section shows which package version resolves the cve. 00:38: Click the link of the scanned asset to go to its details and learn more about the scan. 00:43: The Scanned asset page shows its General details, click the vulnerabilities tab. 00:48: This page shows all cves found in this asset. 00:51: Get back to the cves page to learn more about an affected asset or the 00:55: package. When you finish close the window. 00:58: This guide covered the steps for searching a cve in Cloud guard.