database of publicly disclosed information security issues. • CVE provides a convenient, reliable way for vendors, enterprises, and all other interested parties to exchange information about cyber security issues. • Enterprises typically use CVE, and corresponding CVSS scores, for planning and prioritization in their vulnerability management programs. Example CVE ID : CVE-2021-28294
new or previously unassigned vulnerability in any product. • You have attempted to contact the vendor/developer of the affected product. 1. If the vendor is a CNA: they will assign the CVE ID for you. 2. If the vendor is not a CNA: to verify whether the issue has already been reported or if another CVE ID has already been assigned for the issue. https://cveform.mitre.org/
with a Coordination Center (like CERT/PSIRT), they will direct you to contact CVE at the right time. • The vulnerability does not have to be public before you request a CVE ID, but it does need to be public to be included in the CVE List.
to Vendor with Responsible Disclosure. • Publish your exploit on your blog or by sending an email to firstname.lastname@example.org (exploit-db) • Share the published link to CVE Mitre. • Take a follow-up after 48 hrs.