Vulnerability (CAT-MIP-000000370)
Accepted • 2025-09-19 • by nicole
Definition
A Vulnerability is a weakness or flaw in software, hardware, or configuration that could be exploited to compromise system security, data integrity, or availability. Vulnerabilities are typically assigned a unique identifier (e.g., CVE ID) and a severity score (e.g., CVSS), and may be associated with known exploits. In the MSP context, vulnerabilities are detected through scans, threat intelligence feeds, or vendor advisories, and are often tracked and mitigated through patching, configuration changes, or compensating controls.
Prompt Examples
- Generate a vulnerability report for third-party software used in finance-related sites.
- Has the CVE-2024-23978 vulnerability been patched across all cloud servers?
- List all critical vulnerabilities detected on devices in the 'Healthcare West' tenant.
Agent Execution
When a prompt refers to a "Vulnerability," the AI agent will:
- Check remediation status: patched, mitigated, or unaddressed
- Look up the vulnerability using known identifiers or descriptive keywords
- Map the vulnerability to affected software, devices, or configurations
- Query vulnerability scan results or correlated security event data
- Recommend or trigger remediation actions if authorized
Synonyms
- CVE
- Exploit
- Security Flaw
- Weakness
Relationships
- Vulnerability affects Software or Device
- Vulnerability hasSeverity Score
- Vulnerability isIdentifiedBy VulnerabilityScanner or ThreatFeed
- Vulnerability isRemediatedBy Patch or ConfigurationChange
History
| Date | Author | Reason |
|---|---|---|
| 2025-08-07 | nicole | Draft – initial term proposal |
| 2025-09-19 | nicole | Accepted – added to CAT-MIP registry |