Learn to read and write CVE descriptions, CVSS scoring language, and security advisory communication.
1 / 5
A CVE (Common Vulnerabilities and Exposures) entry describes:
A CVE entry (e.g., CVE-2021-44228 for Log4Shell) identifies and standardises a specific vulnerability — enabling consistent reference across vendors, tools, and advisories.
2 / 5
A CVSS score of 9.8 (Critical) indicates:
CVSS 9.0-10.0 is Critical: typically network-exploitable, no authentication required, and high impact across all three CIA (Confidentiality, Integrity, Availability) dimensions.
3 / 5
In a security advisory, 'affected versions' specifies:
Affected versions allow organisations to quickly determine if their installations are vulnerable — the first question when responding to any advisory.
4 / 5
A 'workaround' in a security advisory means:
Workarounds (disabling a feature, blocking a port, adding WAF rules) reduce risk while awaiting a full patch — important for zero-day advisories where patches may take days.
5 / 5
CVSS 'attack vector: Network' means the vulnerability can be exploited:
Network attack vector means the vulnerability is remotely exploitable via the internet — the most dangerous attack vector, as it allows any attacker globally to attempt exploitation.