Adding OVAL Vulnerabilities

Open Vulnerability and Assessment Language (OVAL) is an international information security community baseline standard, designed to check for the presence of vulnerabilities and configuration issues on computer systems.

Managers can add OVAL vulnerability definitions to the KnowledgeBase, making them available for scanning. The service supports OVAL vulnerability definitions for Windows registry tests, Windows file tests and compound tests, which are Boolean combinations of other tests. The service supports the OVAL Definition Schema and the Platform Schema for Windows. These schemas define the structure and vocabulary of the OVAL vulnerability definitions. OVAL versions 4.0, 4.1 and 4.2 are supported. To learn more about OVAL, go to: http://oval.mitre.org/

When adding a new vulnerability, paste in XML for an OVAL vulnerability definition. OVAL vulnerability definitions are free to review and download from the OVAL web site.

The information you provide for the vulnerability will appear in vulnerability details whenever the vulnerability is referenced, such as in scan reports.

 

To add an OVAL vulnerability:

1.    Select KnowledgeBase from the left menu, under Tools.

2.    Go to New > OVAL Vulnerability.

3.    Under General Information, provide the following details:

      Title. Enter a unique title for this vulnerability. The title can contain a maximum of 64 characters.

      Severity Level. Select a severity level for this vulnerability, ranging from one to five. See Severity Levels for severity level definitions.

      Vulnerability Type. Select the vulnerability type for this vulnerability. Your options are: Confirmed Vulnerability, Potential Vulnerability and Information Gathered.

4.    On the Details tab, provide the following optional details:

      Vendor reference. A reference number released by the vendor regarding the vulnerability, such as a Microsoft Security Bulletin like MS03-046.

      Bugtraq ID. The Bugtraq ID number assigned to the vulnerability by SecurityFocus, a vendor-neutral web site that provides security information to members of the security community.

      CVSS Base. (Only appears when CVSS Scoring is enabled for the subscription.) A CVSS Base score, representing the fundamental, unchanging qualities of the vulnerability. For guidelines on calculating the Base score, go to: http://www.patchadvisor.com/PatchAdvisor/CVSSCalculator.aspx

      CVSS Temporal. (Only appears when CVSS Scoring is enabled for the subscription.) A CVSS Temporal score, representing the time-dependent qualities of the vulnerability. For guidelines on calculating the Temporal score, go to: http://www.patchadvisor.com/PatchAdvisor/CVSSCalculator.aspx

5.    On the Impact tab, enter a description of the possible consequences that may occur if this vulnerability is successfully exploited.

6.    On the Solution tab, enter a suggested solution to fix the problem.

7.    On the OVAL tab, paste in a complete OVAL vulnerability definition in XML. The OVAL vulnerability definition must meet the following requirements:

      OVAL versions 4.0, 4.1 and 4.2 are supported. The version number is not required in the OVAL element as it will be added by the service upon validation against the OVAL DTD. If the OVAL version is included in the XML, it must be defined as <OVAL version="4">, <OVAL version="4.1"> or <OVAL version="4.2">.

      One OVAL ID must be defined. The OVAL ID must be a unique number between 1 and 19999.

      There must be at least one CRITERION element which refers to a test, using reference IDs such as "wrt-187".

      There must be only one DEFINITION element.

      There may be several TEST elements. The tests that are referred to may be defined in the TEST element of the current definition or may have been defined in a prior definition.

8.    Click Save.

The OVAL XML is validated and the new vulnerability is added to the KnowledgeBase.

One OVAL ID may be defined for one vulnerability. When the vulnerability is added, the service automatically assigns it a unique QID starting at 130000. Subsequent QIDs are incremented by one — 130001, 130002, 130003, etc.

The Threat description in the vulnerability details is automatically populated with text from the <DESCRIPTION> tag in the OVAL XML. Edit the OVAL XML to change the description. The CVE ID is also extracted directly from the OVAL XML if provided.
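
A local pre-check for the step 7 rules, run before pasting XML on the OVAL tab. This is an added example, not part of the service or of the original page. The `id` and `test_ref` attribute names and the sample XML are assumptions constructed for illustration; ID uniqueness and validation against the OVAL DTD remain with the service.

```python
import re
import xml.etree.ElementTree as ET

SUPPORTED_VERSIONS = {"4", "4.1", "4.2"}  # values step 7 accepts

# Constructed, heavily simplified sample; not a complete OVAL definition.
SAMPLE = """<oval version="4.2">
  <definitions>
    <definition id="OVAL187">
      <description>Constructed example</description>
      <criteria><criterion test_ref="wrt-187"/></criteria>
    </definition>
  </definitions>
  <tests><registry_test id="wrt-187"/></tests>
</oval>"""

def _name(elem):
    """Element name, lower-cased, with any XML namespace removed."""
    return elem.tag.rsplit("}", 1)[-1].lower()

def check_oval(xml_text):
    """Return the step 7 rules the XML breaks (empty list means none)."""
    # Local hardening: downloaded XML gets no DTD or entity declarations.
    if re.search(r"<!(DOCTYPE|ENTITY)", xml_text, re.I):
        return ["DTD or entity declaration present; not parsed"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems = []
    version = root.get("version")  # optional; the service adds it if absent
    if version is not None and version not in SUPPORTED_VERSIONS:
        problems.append(f"unsupported OVAL version {version!r}")
    elems = list(root.iter())
    definitions = [e for e in elems if _name(e) == "definition"]
    if len(definitions) != 1:
        problems.append(f"need exactly one DEFINITION, found {len(definitions)}")
    for d in definitions:
        # Assumption: the OVAL ID is the number inside the id attribute.
        m = re.fullmatch(r"\D*(\d+)", d.get("id", ""))
        if not m or not 1 <= int(m.group(1)) <= 19999:
            problems.append(f"OVAL ID {d.get('id')!r} is not a number in 1..19999")
    # Assumption: a CRITERION names its test in a test_ref attribute.
    refs = [e.get("test_ref") for e in elems if _name(e) == "criterion"]
    if not any(refs):
        problems.append("no CRITERION element refers to a test")
    return problems

if __name__ == "__main__":
    print(check_oval(SAMPLE) or "no step 7 problems found")
```

A test reference that does not resolve inside the pasted XML is not reported, because step 7 allows tests defined in a prior definition.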