# [HIGH] Security in context: When is a CVE not a CVE?

**Source:** Snyk
**Published:** 2021-12-17
**Article:** https://snyk.io/blog/when-is-a-cve-not-a-cve/

## Threat Profile

Written by Matt Jarvis and Asaf Biton, December 17, 2021

At Snyk we have some general points of principle that we use to help guide our security thinking and decision making.

Firstly, it is always important to understand from whom we are protecting, as it has implications for how we need to act. As an example of this, if our artefact is a web server, then we need to protect it against untrusted users. Whilst if our artefact is encryption software, then we clea…

## Indicators of Compromise (high-fidelity only)

- **CVE:** `CVE-2021-4104`
- **CVE:** `CVE-2021-42550`

## MITRE ATT&CK Techniques

- **T1190** — Exploit Public-Facing Application

## Kill chain phases observed

_(none detected from narrative keywords)_

## Recommended hunts

### IOC-driven hunts (use shared templates)

These are standard IOC-substitution hunts — the canonical SPL and KQL live once in [`_TEMPLATES.md`](../_TEMPLATES.md), so we don't repeat the same boilerplate on every CVE / hash / network-IOC briefing.

- **Asset exposure — vulnerability matches article CVE(s)** ([template](../_TEMPLATES.md#asset-exposure)) — phase: **recon**, confidence: **High**
  - CVE(s): `CVE-2021-4104`, `CVE-2021-42550`


## Why this matters

Severity classified as **HIGH** based on: CVE present, 1 use case(s) fired, 1 technique(s) inferred. Read the full article for actor attribution, tooling details, and any defanged IOCs in the body that aren't visible in the RSS summary.
