A CMDB, or configuration management database, is a system of record for IT assets and the relationships between them. It tracks configuration items such as servers, applications, cloud resources, network devices, and services, along with how they depend on one another. In practice, a CMDB is only useful when its data is current, complete, and continuously refreshed by discovery tools and operational processes.
In cyber security, a CMDB matters because defenders need to know what is affected before they can respond correctly. If a server is compromised, the CMDB can help identify the linked applications, business services, and downstream systems that may also be at risk. Attackers can exploit the same complexity when stale or missing relationship data leads teams to miss dependencies, prioritize the wrong systems, or route remediation incorrectly. A trustworthy CMDB supports vulnerability prioritization, impact analysis, change control, and faster incident triage, but weak data quality can create a false sense of control.