What is the CVE and how does it work?
CVE stands for Common Vulnerabilities and Exposures, a program launched in 1999 by MITRE, a nonprofit that operates research and development centers sponsored by the federal government. Its purpose is to identify and catalog vulnerabilities in software or firmware into a free “dictionary” for organizations to improve their security.
According to the CVE website, a vulnerability is a mistake in software code that provides an attacker with direct access to a system or network. It could allow an attacker to pose as a super-user or system administrator with full access privileges.
An exposure is a mistake that gives an attacker indirect access to a system or network. It could allow an attacker to gather customer information that could be sold.