Weakness Details

Required User Role: Basic, Scan Operator, Standard, Scan Manager, Administrator, or Custom Role

In the Weaknesses view, you can view details for any weakness in the list.

To view weakness details:

  1. Access the Weaknesses view.

  2. In the row of the weakness for which you want to view details, click See details.

    The weakness details page appears.

On the weakness details page, you can:

  • View the Weakness Name.

  • View the Severity Level of the weakness, for example, Critical.

    Note: Because Tenable Exposure Management calculates CVEs using VPR and Tenable Cloud Security calculates using CVSS, you may notice a difference in severity across weaknesses between these applications.

  • View the Vulnerability Priority Rating (VPR) of the weakness.

  • View the number of Impacted Assets associated with the weakness.

    • Click See Assets to scroll down to the full list of impacted assets.

  • View the Top Attack Techniques for the weakness.

    Note: Because Tenable Exposure Management aggregates techniques by cause (for example, CVE, CWE) a single choke point may have multiple sources/targets. This may cause discrepancies in technique counts between the Weaknesses view and the sum of choke points within the Top Attack Techniques view.

    • Hover over the priority to view the full breakdown of the techniques associated with the weakness, and their relative criticalities.

    • Click the metric to navigate directly to the Top Attack Techniques view, filtered automatically by attack path techniques that feature the weakness.

  • View the date at which the weakness was Last Seen in a scan on the asset.

  • View the date at which the weakness was First Seen in a scan on the asset.

  • View the date at which the weakness was Last Modified.

  • View the weakness' Publication Date.

  • View a Description of the weakness.

  • View a list of Properties associated with the weakness. These can include, but are not limited to:

    Note: The properties displayed in this section depend on the type of weakness for which you are viewing details.

    • Weakness ID — The Common Vulnerability Exposure (CVE) ID associated with the weakness.

    • Weakness Type — The type of weakness: Misconfiguration or Vulnerability.

    • Detection Family — The detection family associated with detecting the weakness, for example, CVEs.

  • View a table list of the Impacted Assets associated with the weakness. This list includes the following information:

    • Name — The asset identifier. Tenable Exposure Management assigns this identifier based on the presence of certain asset attributes in the following order:

      1. Agent Name (if agent-scanned)

      2. NetBIOS Name

      3. FQDN

      4. IPv6 address

      5. IPv4 address

      For example, if scans identify a NetBIOS name and an IPv4 address for an asset, the NetBIOS name appears as the Asset Name.

    • AES — The Asset Exposure Score for the asset. The AES represents the asset's relative exposure as an integer between 0 and 1000. A higher AES indicates higher exposure.

      Note:Tenable Exposure Management does not calculate an AES for unlicensed assets.

    • Class — The class type associated with the asset. For more information, see Asset Classes.

    • Weaknesses — The weaknesses associated with the asset. For more information, see Weaknesses.

      Tip: Click on a Weakness count to navigate directly to the Weaknesses view.

    • Top Attack Techniques — Instances of MITRE Att&ck techniques associated with this asset that are used in attack paths leading to critical assets. For more information, see Top Attack Techniques.

      Tip: Click a choke point to navigate directly to the Top Attack Techniques view on the Attack Path page, filtered automatically by techniques that feature the weakness.
      Note: Because Tenable Exposure Management aggregates techniques by cause (for example, CVE, CWE) a single choke point may have multiple sources/targets. This may cause discrepancies in technique counts between the Weaknesses view and the sum of choke points within the Top Attack Techniques view.

    • Top Attack Paths — Instances of attack paths associated with this asset that lead to critical assets. For more information, see Top Attack Paths.

      Tip: Click a choke point to navigate directly to the Top Attack Paths view on the Attack Path page, filtered automatically by attack paths that feature the weakness.

    • Associated Tags — The number of tags applied to the asset. For more information on tagging an asset, see Tag Assets via the Assets Page.

    • Last updated — The date and time at which the asset was last updated.

    • Click See details to view more details about an asset. For more information, see Asset Details.