CPE Dictionary

The CPE (Common Platform Enumeration) Dictionary is a structured naming scheme for information technology systems, software, and packages. NopeSight uses CPE identifiers to accurately match discovered software with known vulnerabilities.

Accessing the CPE Dictionary

  1. Navigate to SAM in the main menu
  2. Under Vulnerability Management, click CPE Dictionary

Understanding the CPE Dictionary

Summary Statistics

The top of the page displays counts by CPE type:

| Metric | Description |
|---|---|
| Total CPEs | Complete count of CPE entries in the dictionary |
| Applications | Software applications (part='a') |
| Operating Systems | Operating systems (part='o') |
| Hardware | Hardware devices (part='h') |

Filtering Options

Use the filter controls to narrow down the dictionary:

  • Search: Search by vendor, product name, or CPE identifier
  • Type: Filter by CPE type (Application, Operating System, Hardware)

Understanding CPE Structure

CPE identifiers follow a standardized format:

cpe:2.3:a:microsoft:edge:120.0.2210.91:*:*:*:*:*:*:*

Breaking this down:

| Value | Component | Meaning |
|---|---|---|
| cpe:2.3 | Version | CPE specification version |
| a | Part | Application (a), Operating System (o), or Hardware (h) |
| microsoft | Vendor | Software vendor name |
| edge | Product | Product name |
| 120.0.2210.91 | Version | Specific version |
| * | Update | Update/patch level (wildcard = any) |
| * | Edition | Product edition |
| * | Language | Language |
| * | SW Edition | Software edition |
| * | Target SW | Target software |
| * | Target HW | Target hardware |
| * | Other | Other attributes |

CPE Table Columns

| Column | Description |
|---|---|
| Type | Application, Operating System, or Hardware |
| Vendor | Software vendor or manufacturer |
| Product | Product name |
| Version | Specific version number |
| Title | Human-readable product title |
| Status | Active or deprecated |
| Actions | View details or related CVEs |

Using the CPE Dictionary

Verify Software Identification

When reviewing discovered software, you can verify how it's being identified:

  1. Search for the software name
  2. Verify the CPE matches the installed version
  3. Check that the vendor mapping is correct

Research Affected Products

To understand which products are affected by a specific vulnerability:

  1. From a CVE entry, note the affected CPEs
  2. Search the CPE Dictionary for those identifiers
  3. Verify if the products match your inventory

Troubleshoot Vulnerability Matching

If vulnerabilities aren't appearing as expected:

  1. Find the software in the CPE Dictionary
  2. Verify the version information is correct
  3. Check if the CPE is marked as Active
  4. Review related CVEs for that CPE

CPE Types Explained

Applications (Part = 'a')

Software applications including:

  • Web browsers (Chrome, Firefox, Edge)
  • Office suites (Microsoft Office, LibreOffice)
  • Development tools (Visual Studio, Eclipse)
  • Utilities and tools
  • Server applications (Apache, MySQL, SQL Server)

Operating Systems (Part = 'o')

Operating systems including:

  • Windows Server versions
  • Windows Desktop versions
  • Linux distributions (Ubuntu, RHEL, CentOS)
  • macOS versions
  • Unix variants

Hardware (Part = 'h')

Hardware devices including:

  • Network equipment (routers, switches)
  • Printers and peripherals
  • IoT devices
  • Specialized equipment

How CPE Matching Works

NopeSight automatically matches discovered software to CPE identifiers:

  1. Discovery: Software name and version are collected during scans
  2. Normalization: Software names are standardized
  3. CPE Lookup: The matching CPE identifier is found
  4. CVE Correlation: Related vulnerabilities are identified
  5. Version Checking: Only vulnerabilities affecting the specific version are reported

Version-Aware Matching

Not all vulnerabilities affect all versions. NopeSight checks:

  • versionStartIncluding - First affected version
  • versionEndExcluding - First fixed version
  • versionStartExcluding - Versions after this are affected
  • versionEndIncluding - Last affected version

This ensures only relevant vulnerabilities are reported for your specific software versions.
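
The range check described above can be sketched as follows. This is an added example, not NopeSight's own code: the function names, the `criteria` key, and the sample entry are assumptions made for illustration, and versions are assumed to be purely numeric and dot-separated.

```python
import re

CPE23_FIELDS = ("part", "vendor", "product", "version", "update", "edition",
                "language", "sw_edition", "target_sw", "target_hw", "other")

# Constructed sample match entry (not a real CVE); the range keys are the four listed above.
SAMPLE_MATCH = {"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "119.0.0.0",
                "versionEndExcluding": "120.0.2210.91"}

def parse_cpe23(cpe):
    """Split a CPE 2.3 formatted string into its 11 named attributes."""
    parts = re.split(r"(?<!\\):", cpe)  # a backslash-escaped ':' is data, not a separator
    if len(parts) != 13 or parts[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe!r}")
    return dict(zip(CPE23_FIELDS, parts[2:]))

def version_key(v):
    """Assumption: numeric dotted versions; trailing zeros are ignored (1.0 == 1)."""
    nums = [int(x) for x in v.split(".")]
    while nums and nums[-1] == 0:
        nums.pop()
    return tuple(nums)

def is_affected(installed_cpe, match):
    """True if the installed CPE falls inside the match entry's version range."""
    inst, crit = parse_cpe23(installed_cpe), parse_cpe23(match["criteria"])
    for f in ("part", "vendor", "product"):
        if crit[f] != "*" and crit[f] != inst[f]:
            return False
    bounds = [match.get(k) for k in ("versionStartIncluding", "versionStartExcluding",
                                     "versionEndIncluding", "versionEndExcluding")]
    if not any(bounds):
        # No range given: the criteria's own version must match or be a wildcard.
        return crit["version"] in ("*", inst["version"])
    v = version_key(inst["version"])
    si, se, ei, ee = (version_key(b) if b else None for b in bounds)
    return not ((si is not None and v < si) or (se is not None and v <= se) or
                (ei is not None and v > ei) or (ee is not None and v >= ee))
```

With the sample entry, the first fixed version (120.0.2210.91) is reported as not affected, while any earlier build from 119.0.0.0 onward is.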

Refreshing the Dictionary

Click the Refresh button to synchronize the latest CPE data. This updates:

  • New products added to the dictionary
  • Version updates for existing products
  • Deprecated CPE identifiers

Best Practice

The CPE dictionary is updated automatically, but you can manually refresh after major software deployments to ensure new applications are properly identified.