Common Vulnerabilities and Exposures (CVE)

Common Vulnerabilities and Exposures (CVE) is the public catalog of disclosed cyber security flaws, each assigned a unique identifier in the form CVE-YYYY-NNNN. The program is operated by MITRE under sponsorship of the US Cybersecurity and Infrastructure Security Agency (CISA), with severity scored separately by the CVSS scale. In shipping, CVE entries matter for shipboard operational technology and software: a published CVE in an ECDIS application, a satellite-communication terminal, or a programmable logic controller tells operators which patch to prioritize. CVEs feed patch management and vulnerability assessment under a maritime cyber risk management plan.