Committed to connecting the world


ITU-T Recommendations

Search by number:
Skip Navigation Links
Content search
Advanced search
Provisional name
ISO/IEC number
Formal description
Study Groups tree viewExpand Study Groups tree view

ITU-T X.1520 (01/2014)

عربي | 中文 | English | Español | Français | Русский
Common vulnerabilities and exposures
Recommendation ITU-T X.1520 on the use of the common vulnerabilities and exposures (CVE) provides a structured means to exchange information security vulnerabilities and exposures, which provides common names for publicly known problems in the commercial or open source software used in communication networks, end-user devices or any of the other types of information and communication technology (ICT) capable of running software. The goal of the Recommendation is to define the use of CVE to make it easier to share data across separate vulnerability capabilities (tools, repositories and services) with this common naming. This Recommendation defines the use of CVE to provide a mechanism for vulnerability databases and other capabilities to be used together, and to facilitate the comparison of security tools and services. CVE does not contain information such as risk, impact, fix information or detailed technical information. CVE only contains the standard identifier number with status indicator, a brief description and references to related vulnerability reports and advisories. The repository of CVE identifiers is available at
The intention of CVE, the use of which is defined in this Recommendation, is to be comprehensive with respect to all publicly known vulnerabilities and exposures. While CVE is designed to contain mature information, the primary focus is on identifying vulnerabilities and exposures that are detected by security tools and any new problems that become public, and then addressing any older security problems that require validation.
Series title: X series: Data networks, open system communications and security
  X.1500-X.1599: Cybersecurity information exchange
  X.1520-X.1539: Vulnerability/state exchange
Approval date: 2014-01-24
Provisional name:X.cve
Approval process:TAP
Status: In force
Maintenance responsibility: ITU-T Study Group 17
Further details: Patent statement(s)
Development history
Ed. ITU-T Recommendation Status Summary Table of Contents Download
2 X.1520 (01/2014) In force
1 X.1520 (04/2011) Superseded