Feedly’s Vulnerability Intel Agent now includes powerful CVSS vector filters that give you precise control over CVE prioritization based on attack methods and impact. Instead of relying solely on CVSS scores, you can now target vulnerabilities based on how they are exploited and which systems they affect.
Filters use Boolean logic (AND/OR/NOT) across a variety of attributes, including new CVSS vector components that break down vulnerability attributes based on attack surface and prerequisites.
Here are seven examples that show how CVSS vector filters help you quickly find vulnerabilities that pose a threat to your environment.
Understanding CVSS Vector Components
New CVSS vector filters transform abstract CVSS scores into practical intelligence:
attack vector Tells you the reach of the vulnerability. Network means accessible from anywhere online. Adjacent networks mean similar network segments. Local requires system access. Physical requires personal access.
privilege required Indicates whether an attacker needs existing system rights. “None” means unproven attacks. “Low” means that a basic user can take advantage of it. “High” would require admin or system access to exploit the CVE.
user interaction Shows whether social engineering or user action is required. “None” means that this is a completely automated exploit. “Required” means you have a window to detect and block.
Scope of Impact (Confidentiality, Integrity, Availability) Makes the danger clear. High “availability” impact means service disruption. High “confidentiality” indicates data exposure. High “integrity” would involve system compromise or data modification.
scope change Shows whether vulnerability crosses the boundaries of trust. “Changed scope” implies that lateral movement, privilege escalation, or cross-component attacks are now possible.
Example 1: Which unpatched vulnerabilities require zero attacker prerequisites and are likely to be exploited?
Identify the most aggressive classes of threats: those that are actively exploited and can be exploited upon delivery. This filter combines real-world exploit conditions with “spoofable” characteristics (no privileges required, no user interaction). Since there are no patches available for these vulnerabilities, consider implementing compensating controls or detection mechanisms around affected systems.
filter configuration
(Privileges Required: None)
AND
(User Interaction: None)
AND
(Exploited) OR (Proof of Concept) OR (Weaponized) OR (CISA KEV)
AND
(Attack Vector: Network)
NOT
(Patched)Result
Example 2: Which remote vulnerabilities threaten your service availability?
When your organization relies heavily on service availability, you need to identify vulnerabilities that could result in remotely exploitable denial of service attacks. This filter combines high availability impact with network attack vectors to reveal vulnerabilities that could allow remote attackers to take your services offline. These high-impact risks and threats are a major concern for customer-facing apps and core infrastructure, where downtime directly impacts your business.
filter configuration
(Availability Impact: High)
AND
(Attack Vector: Network)Result
Example 3: Which exploited CVEs are most likely to be exploited remotely?
Identify vulnerabilities that are being actively exploited and can be remotely exploited. This filter focuses on vulnerabilities that have proof of concept or that have been proven to be exploitable and accessible across the network. Combining evidence of real-world exploits with network attack vectors confirms that adversaries are already using these techniques or will at least try; Verify if your external facing infrastructure has been targeted.
filter configuration
(Exploited) OR (Proof of Concept) OR (Weaponized) OR (CISA KEV)
AND
(Attack Vector: Network)Result
Example 4: Which remote vulnerabilities pose a greater risk of data theft?
Protect your organization from external data breaches by targeting vulnerabilities that could allow a remote attacker to compromise the confidentiality of your data. By combining high privacy impact with a network attack vector, you identify CVEs that allow intrusion or access of sensitive information, such as customer records or proprietary code, without requiring physical or local access to the system.
filter configuration
(Confidentiality Impact: High)
AND
(Attack Vector: Network)Result
Example 5: Which vulnerabilities expose data without user interaction?
Look for “silent” risks where data is exposed without the user clicking on a link or opening a file. High privacy impact and no contact with the user means attackers can automate data theft. These vulnerabilities are particularly dangerous for backend systems and databases that process sensitive information, as exploitation can occur in the background without alerting employees.
filter configuration
(Confidentiality Impact: High)
AND
(User Interaction: None)Result
Example 6: Which vulnerabilities have easy consequences for threat actors?
Low attack complexity attacks require minimal effort to exploit, but can have a huge impact on your network and are low-hanging fruit for threat actors. Add in the network vector, and threat actors can attack these vulnerabilities remotely. These attacks are usually some form of injection or cross-site script.
filter configuration
(Attack Complexity: Low)
AND
(Attack Vector: Network)Result
Example 7: Which weaknesses allow lateral movement (scope change)?
Track scope-changing vulnerabilities as they can expand the attack surface beyond the initial vulnerable component. When the scope changes from “unchanged” to “changed”, the vulnerability can directly affect systems outside the vulnerable component. When combined with network or adjacent network attack vectors, these CVEs represent dangerous situations in which compromising one system can lead to unauthorized access to others. This is especially important in cloud deployments, containerized environments, and fragmented networks, where lateral movement can cause cascade failure.
filter configuration
(Scope: Changed)
AND
(Attack Vector: Network) OR (Attack Vector: Adjacent Network)Result
Get started with prioritizing with CVSS vector filters
CVSS can do more than just help you prioritize vector data patches. Vulnerability management is actually a good place to start looking for threats because you’re dealing with real vulnerabilities in your stack, not theoretical threats. Use the scan results to identify the vulnerabilities that exist in your environment and then apply these filters to begin discovering the attack paths that exist.
Try the Vulnerability Agent available in Feedly Threat Intelligence
Prioritize CVEs based on how they are exploited, not just their severity score.
start free Trial
