Vulnerabilities by Severity

Tenable assigns all vulnerabilities a severity level (Info, Low, Medium, High, Critical) based on the vulnerabilities static CVSS score. The score used (CVSSv2 or CVSSv3) is dependent on the configuration set within Tenable Vulnerability Management. CVSSv3 is currently the default severity selection in Tenable products. For Tenable Security Center, the CVSS version is controlled by a setting for each Organization by the administrator

Note: This setting does not affect Tenable Web App Scanning or Tenable Container Security vulnerabilities.

The Web Application Scanning Stats by CVSS Score widget displays summary counts by Severity for Tenable Web App Scanning findings. The widget highlights the Tenable Web App Scanning findings, which require the most attention, by using the severity filter to only display Medium, High, and Critical WAS findings.

The Web App Scanning - Statistics component for Tenable Security Center displays summary counts for Tenable Nessus and Tenable Web App Scanning findings. The component highlights the Tenable Web App Scanning findings, and Tenable Nessus scan results associated with web application plugin families (CGI abuses, and Web Servers) which require the most attention.