Jamf named CVE Numbering Authority

Jamf has been authorized by the Common Vulnerabilities and Exposures (CVE) program as a CVE Numbering Authority! Learn more about the CVE program and what this means for Jamf.

April 30 2024 by

Hannah Hamilton

Jamf security teams editing CVE entries related to Jamf products

The Common Vulnerabilities and Exposures (CVE) program aims to identify, define and catalog publicly-disclosed cybersecurity vulnerabilities. Vulnerabilities are discovered by members of the cybersecurity community and are published to the CVE list for other members to reference. CVEs in the list have standardized information, like the affected vendor, impact and vectors.

The CVE list helps organizations:

  • Keep up to date on the latest security threats
  • Create action plans to address vulnerabilities in their system
  • Collaborate with other cybersecurity professionals while working with consistent information

Vulnerabilities listed in the CVE database are also added to the U.S. National Vulnerability Database (NVD).

CVE numbering authorities

CVE numbering authorities, CNAs, assign CVE IDs and describe and publish information associated with vulnerabilities. CNAs publish CVEs within the scope of their responsibility. CNAs essentially create the CVE list for others to reference.

What this means for Jamf

Jamf can now seamlessly submit and update CVE records to the CVE list within the Jamf product scope, including our products, tools and open-source projects. This way, we can better inform the community about potential issues to help reduce the impact a vulnerability may have.

Have you identified a vulnerability?

If you would like to report a vulnerability you discovered in our products, you can:

See Jamf on the CVE website.