- What is the Salesforce CNA?
- Salesforce is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 44 CVE records since 2019.
- How many CVEs has Salesforce published?
- Salesforce has published 44 CVE records, including 32 in the last two years.
- What is Salesforce's CVE data quality grade?
- RadicalNotion.AI grades Salesforce's CVE data quality as D, with an overall completeness score of 63.7%. This reflects how consistently its CVE records include vendor (77.3%), product (100%), CVSS (2.3%), and CWE (75%) information.
- What products does Salesforce publish CVEs for?
- Salesforce most frequently publishes CVEs for Tableau Server, linux kernel, windows, Marketing Cloud Engagement, OmniStudio.
- Which vendors does Salesforce cover?
- Salesforce publishes CVEs across 3 distinct vendors, most often Salesforce, Inc., tableau, linux, microsoft, MuleSoft.
- Is Salesforce actively publishing CVEs?
- Salesforce is currently active, based on 32 CVEs in the last two years.
- What is the average severity of Salesforce's CVEs?
- The average CVSS base score across Salesforce's scored CVEs is 9.8.
- How many critical CVEs has Salesforce published?
- Salesforce has published 14 critical-severity CVEs and 21 high-severity CVEs.
- Are any of Salesforce's CVEs in CISA's Known Exploited Vulnerabilities catalog?
- No. None of Salesforce's CVEs are currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- What are the most common weakness types in Salesforce's CVEs?
- Salesforce's CVEs most often map to these CWE weakness types: CWE-281 (Improper Preservation of Permissions), CWE-1427 (Improper Neutralization of Input Used for LLM Prompting), CWE-918 (Server-Side Request Forgery (SSRF)), CWE-434 (Unrestricted Upload of File with Dangerous Type).
- How does Salesforce rank among CNAs?
- By total CVE volume, Salesforce ranks #180 of 370 CNAs, and it reports more complete CVE records than 16% of all CNAs.