I have looked for a long time to find what the "vulnerable" field of the "cpe_match" section of the "configurations" is. Most of the time that field is true, but there are CVEs where it is false. For example, CVE-2003-0947:
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : false,
          "cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:22:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : false,
          "cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:23:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
    ...
I have read the specs on the NIST NVD pages, searched DuckDuckGo and Google, and looked at other sites that talk about CPEs and CVEs. I would appreciate any help.