Weaknesses

Weaknesses are vulnerabilities and misconfigurations on your assets. The Weaknesses tab on the Inventory page highlights weaknesses on your assets and provides useful insights into those weaknesses, including descriptions, assets affected, criticality, and more.

Note: Only Active and Resurfaced vulnerabilities count towards your weaknesses.

To access the Weaknesses tab:

  1. Do one of the following:

    • In the left navigation menu, click Inventory > Weaknesses.

    • At the top of the Inventory page, click the Weaknesses tab.

    The Weaknesses tab appears.

In the Weaknesses tab, you can:

  • View the total number of weaknesses on assets within your container.

  • View the total number of new weaknesses discovered within the last 7 days.

  • View the total number of new weaknesses with a Vulnerability Priority Rating (VPR) greater than 7.

  • In the weakness type drop-down, filter the list by the following weakness types:

    • All Weakness Types

    • Misconfigurations

    • Vulnerabilities

    The weakness numbers at the top of the page and the weakness list update accordingly.

  • Use the Search box to search for a specific weakness in the list.

    1. Click Filter .

      The Add filter button appears.

    2. Click Add filter .

      A menu appears.

    3. Do one of the following:

      • To search the weakness list by tag, click Tags.

      • To search the weakness list by asset property, click Properties.

    4. In the search box, type the criteria by which you want to search the list.

      Tenable Exposure Management populates a list of options based on your criteria.

    5. Click the tag or property by which you want to filter the weakness list.

      A menu appears.

    6. Select how to apply the filter. For example, if you want to search for a weakness whose name is CVE-0000-0000, then select the contains radio button and in the text box, type CVE-0000-0000.

    7. Click Add filter .

      The filter appears above the asset list.

    8. Repeat these steps for each additional filter you want to apply.

    9. Click Apply filters.

      Tenable Exposure Management filters the list by the designated criteria.

    1. Click Export.

      The Export table plane appears.

    2. In the Columns to export section, select the checkbox for each column you want to include in the export file.

    3. (Optional) To include columns not currently in the table view, click Add more columns.

      The Add columns to export plane appears.

      1. Select the checkbox for each additional column you want to include in the export file.

    4. In the rows section, ensure the Current Page radio button is selected.

      Tip: Currently, you can only export the rows listed on the current page.

    5. Click Export .

      Tenable Exposure Management downloads the export file to your computer. Depending on your browser settings, your browser may notify you that the download is complete.

    1. Click Columns .

      The Customize columns window appears.

    2. (Optional) In the Reorder added columns section, click and drag any column name to reorder the columns.

    3. (Optional) In the Show/Hide section, select/delesect the checkboxes to show or hide columns in the table.

    4. (Optional) In the Remove section, click the button to permanently remove a column from the table.

    5. (Optional) To add columns to the table, click Add Columns.

      The Add columns to table window appears.

      1. (Optional) Use the search bar to search for a column property.

        The list of column properties updates based on your search query.

      2. Select the checkbox next to any column or columns you want to add to the table.

      3. Click Add.

        The column appears in the Customize columns window.

    6. (Optional) Click Reset to Defaults to reset all columns to their defaults.

    7. Click Apply Columns.

      Tenable Exposure Management saves your changes to the columns in the table.

  • View a list of your weaknesses, including the following information:

    • Weakness Name — The Common Vulnerability Exposure (CVE) ID associated with the weakness.

    • Description — A brief description of the weakness.

    • Weakness Type — The type of weaknesses: Misconfiguration or Vulnerability.

    • Severity — The severity of the weakness, for example, Critical.

      Note: At this time, Tenable Exposure Management does not include information for Info level severity weaknesses.
      Note: Because Tenable Exposure Management calculates CVEs using VPR and Tenable Cloud Security calculates using CVSS, you may notice a difference in severity across weaknesses between these applications.

    • VPR Score — The Vulnerability Priority Rating (VPR) of the weakness.

    • Impacted Assets — The number of assets impacted by the weakness. For more information, see Assets.

    • Top Attack Techniques — Instances of MITRE Att&ck techniques associated with this asset that are used in attack paths leading to critical assets. For more information, see Top Attack Techniques.

      Tip: Click a choke point to navigate directly to the Attack Techniques tab on the Attack Path page, filtered automatically by techniques that feature the weakness.
      Note: Because Tenable Exposure Management aggregates techniques by cause (for example, CVE, CWE) a single choke point may have multiple sources/targets. This may cause discrepancies in technique counts between the Weaknesses tab and the sum of choke points within the Top Attack Techniques tab.

    • Last seen — The date at which the weakness was last seen in a scan on the asset.

    • Sources — The application the weakness' asset originated from, for example, Tenable Vulnerability Management.

    • Click See details to view more details about a weakness. For more information, see View Weakness Details.