You have CVE's and want to see if they impact your product.

3.x

You want to see if you are vulnerable to a CVE

• The best place to review a CVE status would be through reviewing a product's release notes.
• VMware discloses vulnerabilities in VMware Security Advisories. VMSAs include the following information:

• • Qualitative Severity Information
  • CVSS Scoring
  • Impacted product suites that are currently supported
  • Vulnerability Descriptions
  • Currently Known Attack Vectors
  • Remediation Information
  • Workarounds for Critical Severity Vulnerabilities (if possible)
  • Notes containing confirmation if exploitation is happening in the wild

• Photon Security Advisories are similar to VMSA except they apply to Photon OS specifically.