Review potential matches
PreviousResolve unmatched componentsNextCreate an alias to link unmatched software to known software
Last updated
Last updated
© Copyright MedCrypt 2024, All rights reserved.
You can determine the likelihood of this potential match by checking the sample versions for the expected format, checking how many and which sources were used to identify the suggested match, and the type of match. A match based on CPE is considered the strongest match.
If the match was suggested via multiple sources, such as Alias and a PURL package manager, that is an even stronger match. Alias and User matches indicate that a user manually assessed this component to find the right match. Name is considered the weakest match.
Supplier
This is the organization that supplied the component. The supplier may often be the manufacturer, but may also be a distributor or repackager (e.g., Microsoft for Windows).
Details icon
Click this icon to about this possible match, including reported vulnerabilities over time, as well as known versions from the CVE. If these versions match those of your component and there are vulnerabilities that have been reported, this is likely the correct match.
Product name
This is what may be referred to as a component in other systems. It is the firmware, software, patches, or operating system that is installed on the physical representations of your device (e.g., Windows, OpenSSL).
Matched on
This shows the strength of the match. Refer to for more information.
Type
This shows the reliability of the match.
Exact match: This has an exact match in the NVD, which could include a PURL string (Cargo, NPM, Nuget, or Pypi package manager), CPE string, or name match.
Alias match: This component matches an existing alias.
Possible match: This component has a match in one or more sources. Check the Matched on column, then hover over those matching tokens for more information.
You can assess the likelihood that this is the correct match by viewing the trend of reported vulnerabilities over time and the known versions for this match suggestion. Multiple matches that have a trend of reported vulnerabilities and that match your component's versions (or at least version formats) are considered stronger matches.
Reported vulnerabilities over time
Multiple matches that have a trend of reported vulnerabilities indicate that this is a frequently-used component. If you don’t see many reported vulnerabilities over time, it is likely that this is not the correct match. Check that the component’s versions (or at least version formats) are considered strong matches.
Known versions
These are the known versions for this suggested match that are coming from the CVE vulnerability ID. Check that your component’s versions (or at least version formats) match these.