What we analyze
CVEs (Common Vulnerabilities and Exposures) are publicly documented security vulnerabilities. We correlate the technologies detected on your server with vulnerability databases to identify known risks.
Verification points
NVD Database
Correlation with NIST's National Vulnerability Database.
Public exploits
Verification of availability of exploitation tools.
CVSS severity
Prioritization based on standard severity score.
Available patches
Information about fixes and recommended updates.
Why is it important?
60% of cyberattacks exploit known vulnerabilities for which patches already exist. Identifying and remediating these vulnerabilities is one of the most effective measures to protect your infrastructure.
Impact if it fails
- Direct exploitation of known vulnerabilities
- Automated attacks using public exploits
- Remote code execution
- Complete system compromise
Applicable Legal Framework
Article 32 of GDPR implies the obligation to manage known vulnerabilities. Failure to apply available patches for known risks may result in liability in case of a breach.
Potential Sanctions
| Company Type | Indicative Fine |
|---|---|
| Micro-enterprise | 5,000 - 40,000 € |
| SME | 40,000 - 300,000 € |
| Large Enterprise | Up to 10M € or 2% turnover |