Some vulnerability entries contain information and links about existing exploits. An exploit is a tutorial or piece of software that helps to execute or automate the exploitation of a vulnerability.
Such an exploit might have a specific level of exploitability, also called exploit code maturity. The exploitability definition on VulDB uses the same metric levels as CVSSv2 and CVSSv3. CVSSv4 retired this metric and introduced a similar-sounding threat metric called exploit maturity, which focuses on exploit activities rather than exploit quality levels. Our definitions are slightly enhanced and shown in the table below.
| A / P | A professionalized exploit is available with a very high level of reliability, the possibility to change options, and solid error handling. Such an exploit is easy to use by attackers not familiar with the technical details of the underlying vulnerability. | Metasploit module, NMAP NSE script |
| A / P | A solid exploit is available which provides mostly reliable exploit capabilities that work in most scenarios. | enhanced script, basic exploit implementation |
| | A simple exploit is available which illustrates the basic functionality of exploitation, without a certain level of reliability, no customization possibilities, and no error handling. | static URL, Curl statement, simple shell script |
| | No exploit is available, or an exploit is entirely theoretical. | exploit is private, no public exploit available |
| | The exploitability level is not defined. This is the case when no information about an exploit is available. | no information about exploits available |
The exploitability level is one of the major factors that impact the calculation of exploit prices. We recommend our unique CTI activity scores for a better and more accurate predictive identification of emerging and executed exploit activities.