From the course: Vulnerability Management: Assessing the Risks with CVSS, CISA KEV, EPSS, and SSVC
Using SSVC
- [Instructor] Now that you understand the four key decision points in SSVC, let's look at how to put them into use. Thanks once again to the folks at CISA. There's a handy calculator available online that walks you through the process and calculates the end decision for you. You can find it on CISA's website at www.cisa.gov/ssvc-calculator. We're going to take a look at a specific vulnerability found on one of our systems at Red 30 and use the SSVC calculator to help us determine if we should track, track within a specific timeframe, attend, or act on this vulnerability. We've identified a specific vulnerability on Red 30's internet-facing web server. This server hosts the company's SaaS application, r30web, that accounts for 80% of Red 30's business. The specific vulnerability identified is CVE-2024-50379. It's a vulnerability in the Apache Tomcat web server application that can lead to remote code execution, or RCE. Before we get started, we'll want to look at the CVE record and…