Cyver Core supports direct integration from Snyk's developer security platform including code scanner and app sec scanner. This includes importing vulnerabilities, vulnerability databases, and full scan results, either manually or automatically via API. The import supports Snyk, Snyk Code, Snyk Open Source, Snyk Container, Snyk IaC, Snyk AppRisk, Snyk API & Web, and more.
Findings Field Mapping
| Field | Values | Example |
| Code | Affects | |
| Title | "title": "Server-side Request Forgery (SSRF)" | |
| Type | Vulnerability Observation |
|
| Assets | "packageName": "ch.qos.logback:logback-core" | |
| Description | "description": "## Overview\n[ch.qos.logback:logback-core](https://mvnrepository.com/artifact/ch.qos.logback/logback-core) is a logback-core module.\n\nAffected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the `SaxEventRecorder` process. An attacker can forge requests by compromising logback configuration files in XML.\n## Remediation\nUpgrade `ch.qos.logback:logback-core` to version 1.3.15, 1.5.13 or higher.\n## References\n- [Additional Information](https://logback.qos.ch/news.html#1.5.13)\n- [GitHub Commit](https://github.com/qos-ch/logback/commit/2863a4974a3649b5b00d4a529ee6ff2063470f35)\n- [GitHub Commit](https://github.com/qos-ch/logback/commit/5f05041cba4c4ac0a62748c5c527a2da48999f2d)\n- [Release Notes](https://logback.qos.ch/news.html#1.3.15)\n", | |
| Occurrence | New Occurrence Reoccurrence |
|
| Labels | ||
| Severity | Info Low Medium High Critical default: Info |
"severity": "low" |
| CVSS20Score | ||
| CVSS20Vector | ||
| CVSS30Score | "cvssScore": 2.4 | |
| CVSS30Vector | "CVSSv3": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L" | |
| CVSS31Score | ||
| CVSS31Vector | ||
| CVSS40Score | ||
| CVSS40Vector | ||
| Impact | 0 1 2 3 4 5 default: 0 |
|
| ImpactDescription | ||
| Likelihood | 0 1 2 3 4 5 default: 0 |
|
| LikelihoodDescription | ||
| VulnerabilityTypes | DoS CodeExecution Overflow MemoryCorruption SqlInjection XSS DirectoryTraversal HttpResponseSplitting BypassSomething GainInformation GainPrivileges CSRF FileInclusion |
|
| CWEList | for example: CWE-1; CWE-721 |
"identifiers": { "CWE": [ "CWE-918" ] } |
| CVEList | for example: CVE-1; CVE-721 |
"identifiers": { "CVE": [ "CVE-2024-12801" ] } |
| MITRE ATT&CK Techniques | ||
| MITRE ATT&CK Mitigations | ||
| MITRE ATT&CK Tactics | ||
| Controls | ||
| Compliance Status | ||
| Compliance Comment | ||
| BackgroundInformation | ||
| Recommendation | ||
| External References | ||
| Status | Draft PendingFix Fixed ReadyRetest Accepted ToReview Reviewed default: Draft |
|
| Evidence Title | ||
| Evidence Location | ||
| Evidence Version | ||
| Evidence Reproduction | ||
| Evidence Results | ||
| Evidence Issue Details |
Important Notes & Limitations
- The maximum number of findings that can be imported in a single upload is 5,000 findings.
- If your file exceeds this limit, the import may fail depending on the selected import options (e.g., aggregation settings or filtering by severity).