Configure an OVAL Vulnerability

Open Vulnerability and Assessment Language (OVAL) is a community-developed open standard for describing checks for the presence of vulnerabilities and configuration issues on computer systems. Managers can add OVAL vulnerabilities to the KnowledgeBase to make them available for scanning.

Tell me about OVAL support

Our service supports OVAL vulnerability definitions for Windows registry tests, Windows file tests and compound tests, which are Boolean combinations of other tests. The service supports the OVAL Definition Schema and the Platform Schema for Windows. These schemas define the structure and vocabulary of OVAL vulnerability definitions. OVAL versions 4.0, 4.1 and 4.2 are supported. To learn more about OVAL, go to: http://oval.mitre.org/


Simply go to VM/VMDR > KnowledgeBase > New > OVAL Vulnerability.

Enter basic information like the vulnerability title, severity level (1-5) and vulnerability type.

Enter optional vulnerability details like the vendor reference number (such as a Microsoft Security Bulletin like MS03-046), the Bugtraq ID assigned by SecurityFocus, and CVSS Base and Temporal scores. (The CVSS options only appear when CVSS Scoring is enabled for the subscription.)

Certain details will be populated by the service after the vulnerability is saved. The OVAL ID and CVE ID will be extracted directly from the OVAL XML, and a unique QID will be assigned starting at 130000. Subsequent QIDs are incremented by one (130001, 130002, 130003, etc).

The Threat, Impact and Solution descriptions appear with the vulnerability details in your scan reports. The Threat description is automatically populated with the text of the <DESCRIPTION> tag in the OVAL XML, so edit the OVAL XML to change it. The Impact describes the possible consequences if the vulnerability is successfully exploited. The Solution describes a verified fix for the problem.

In the OVAL section, paste in a complete OVAL vulnerability definition in XML. OVAL vulnerability definitions are free to review and download from the OVAL web site. The definition you paste must meet these requirements:

- Version: OVAL versions 4.0, 4.1 and 4.2 are supported. The version attribute on the OVAL element is optional; if it is omitted, the service adds it when it validates the XML against the OVAL DTD. If it is present, it must be <OVAL version="4">, <OVAL version="4.1"> or <OVAL version="4.2">.

- OVAL ID: exactly one OVAL ID must be defined, and it must be a unique integer between 1 and 19999.

- Criteria: there must be at least one CRITERION element, and each CRITERION must refer to a test by its reference ID (for example "wrt-187").

- Definition: there must be exactly one DEFINITION element.

- Tests: there may be several TEST elements. A test referred to by a CRITERION may be defined in a TEST element of the current definition, or it may have been defined in a definition added earlier.

Click Save after you've added your OVAL vulnerability settings. You'll see your OVAL vulnerability in the KnowledgeBase and it's assigned a QID number automatically.
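The requirements listed above are exactly the kind of thing worth checking locally before pasting a definition into the form, because a definition that fails validation is only reported after you click Save. The following is an added example, not Qualys or MITRE code: a small pre-flight linter for the rules this page states (supported version attribute, one DEFINITION, an OVAL ID between 1 and 19999, at least one CRITERION with a test reference, and every referenced test defined either in this document or in a definition added earlier). The element and attribute layout it parses (an <OVAL> root, DEFINITION with an id attribute, CRITERION with a test_ref attribute, TEST with an id attribute, and the "wrt-187" reference shape) is assumed for illustration and should be checked against the OVAL 4 DTD you actually use; the sample definition is constructed, not taken from the OVAL repository.

```python
"""Pre-flight checks for an OVAL 4.x definition before pasting it into the
KnowledgeBase.  Added example, not Qualys or MITRE code.  The element layout
(<OVAL> root, DEFINITION/@id, CRITERION/@test_ref, TEST/@id) is an assumption
made for illustration; only the rules being checked come from the help page."""
import re
import xml.etree.ElementTree as ET

SUPPORTED_VERSIONS = {"4", "4.1", "4.2"}   # <OVAL version="4"|"4.1"|"4.2">
MIN_OVAL_ID, MAX_OVAL_ID = 1, 19999        # OVAL ID range the service accepts
TEST_REF = re.compile(r"^[a-z]+-\d+$")      # assumed shape of refs such as "wrt-187"


def lint_oval_definition(xml_text, previously_defined_tests=()):
    """Return a list of problems; an empty list means the definition passes.

    previously_defined_tests: IDs of tests already defined in earlier
    definitions in the KnowledgeBase, which a CRITERION may legitimately reference.
    """
    problems = []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]

    if root.tag != "OVAL":
        problems.append(f"root element is <{root.tag}>, expected <OVAL>")
    version = root.get("version")          # optional; the service adds it if absent
    if version is not None and version not in SUPPORTED_VERSIONS:
        problems.append(f"unsupported OVAL version {version!r}; use 4, 4.1 or 4.2")

    definitions = root.findall(".//DEFINITION")
    if len(definitions) != 1:
        problems.append(f"expected exactly one DEFINITION, found {len(definitions)}")
        return problems                    # remaining checks need a single definition
    definition = definitions[0]

    raw_id = definition.get("id", "")      # assumed: OVAL ID carried as DEFINITION/@id
    if not raw_id.isdigit() or not MIN_OVAL_ID <= int(raw_id) <= MAX_OVAL_ID:
        problems.append(f"OVAL ID {raw_id!r} must be an integer between 1 and 19999")

    if definition.find(".//DESCRIPTION") is None:
        problems.append("no DESCRIPTION element; the Threat description would be empty")

    # Tests defined in this document plus any defined by earlier definitions.
    known_tests = {t.get("id") for t in root.findall(".//TEST")}
    known_tests |= set(previously_defined_tests)

    criteria = definition.findall(".//CRITERION")
    if not criteria:
        problems.append("DEFINITION has no CRITERION element")
    for criterion in criteria:
        ref = criterion.get("test_ref", "")
        if not TEST_REF.match(ref):
            problems.append(f"CRITERION has no valid test reference (got {ref!r})")
        elif ref not in known_tests:
            problems.append(f"CRITERION refers to test {ref!r}, which is defined "
                            "neither here nor in a prior definition")
    return problems


# Constructed sample definition (compound test = registry test AND file test).
SAMPLE_OVAL = """<?xml version="1.0"?>
<OVAL version="4.2">
  <DEFINITION id="187" class="vulnerability">
    <DESCRIPTION>Constructed example: vulnerable file present and fix key absent.</DESCRIPTION>
    <CRITERIA operator="AND">
      <CRITERION test_ref="wft-12"/>
      <CRITERION test_ref="wrt-187"/>
    </CRITERIA>
  </DEFINITION>
  <TEST id="wft-12" type="windows_file"/>
  <TEST id="wrt-187" type="windows_registry"/>
</OVAL>
"""

if __name__ == "__main__":
    for line in lint_oval_definition(SAMPLE_OVAL) or ["definition passes the pre-flight checks"]:
        print(line)
```

Run it against the XML you intend to paste, passing the IDs of tests you have already added in earlier definitions as previously_defined_tests so that cross-definition references are not flagged. The linter uses the standard library parser because the input is your own file; if you ever run it over definitions obtained from an untrusted source, parse them with defusedxml instead.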