Nexpose vulnerability scans can be imported to Cyver Core using XML.
Rapid7's Nexpose delivers vulnerability management complete with asset visibility and discovery, prioritization information, and remediation information. You can import all of that directly to Cyver Core. Here, you can manually import findings or automate imports via API. Simply generate a Nexpose report in XML format and export it for direct import to Cyver Core.
Findings Field Mapping
| Field | Values | Example |
| Code | default: auto-generated |
|
| Title | <vulnerability id="microsoft-exchange-cve-2022-21978" title="Microsoft Exchange: CVE-2022-21978: Microsoft Exchange Server Elevation of Privilege Vulnerability"> | |
| Type | Vulnerability Observation |
|
| Assets | <Node address="87.242.186.231"> <Names> <name>host-87-242-186-231.static.onetel.net.uk</name> </Names> </Node> |
|
| Description | <description> <ContainerBlockElement> <Paragraph>Microsoft Exchange Server Elevation of Privilege Vulnerability.</Paragraph> </ContainerBlockElement> </description> |
|
| Occurrence | ||
| Labels | ||
| Severity | Info Low Medium High Critical default: Info |
<vulnerability severity="7" ... > |
| CVSS20Score | <vulnerability cvssScore="7.2".....></vulnerability> | |
| CVSS20Vector | <vulnerability cvssVector="(AV:L/AC:L/Au:N/C:C/I:C/A:C)" ....></vulnerability> | |
| CVSS30Score | ||
| CVSS30Vector | ||
| CVSS31Score | ||
| CVSS31Vector | ||
| CVSS40Score | ||
| CVSS40Vector | ||
| Impact | 0 1 2 3 4 5 default: 0 |
|
| ImpactDescription | ||
| Likelihood | 0 1 2 3 4 5 default: 0 |
|
| LikelihoodDescription | ||
| VulnerabilityTypes | DoS CodeExecution Overflow MemoryCorruption SqlInjection XSS DirectoryTraversal HttpResponseSplitting BypassSomething GainInformation GainPrivileges CSRF FileInclusion |
|
| CWEList | for example: CWE-1; CWE-721 |
|
| CVEList | for example: CVE-1; CVE-721 |
<references> <reference source="CVE">CVE-2022-21978</reference> </references> |
| MITRE ATT&CK Techniques | ||
| MITRE ATT&CK Mitigations | ||
| MITRE ATT&CK Tactics | ||
| Controls | ||
| Compliance Status | ||
| Compliance Comment | ||
| BackgroundInformation | ||
| Recommendation | <solution> <ContainerBlockElement> <UnorderedList> <ListItem> <Paragraph>Microsoft Exchange Server 2016</Paragraph> <Paragraph>Download and apply the patch from: ...</Paragraph> </ListItem> </UnorderedList> </ContainerBlockElement> </solution> |
|
| External References | <references> <reference source="URL">https://support.microsoft.com/help/5014261</reference> </references> |
|
| Status | Draft PendingFix Fixed ReadyRetest Accepted ToReview Reviewed default: Draft |
|
| Evidence Title | ||
| Evidence Location | ||
| Evidence Version | ||
| Evidence Reproduction | ||
| Evidence Results | ||
| Evidence Issue Details |
Important Notes & Limitations
- The maximum number of findings that can be imported in a single upload is 5,000 findings.
- If your file exceeds this limit, the import may fail depending on the selected import options (e.g., aggregation settings or filtering by severity).