Weaknesses

Weaknesses are vulnerabilities and misconfigurations on your assets. The Weaknesses view highlights weaknesses on your assets and provides useful insights into those weaknesses, including descriptions, assets affected, criticality, and more.

Note: Only Active and Resurfaced vulnerabilities count towards your weaknesses.

To access the Weaknesses view:

  1. Access the Inventory View view.

    The Assets view appears by default.

  2. Click the Assets drop-down.

    A menu appears.

  3. Click Weaknesses.

    The Weaknesses view appears.

In the Weaknesses view, you can:

  • View the total number of weaknesses on assets within your container.

  • View the total number of new weaknesses discovered within the last 7 days.

  • View the total number of new weaknesses with a Vulnerability Priority Rating (VPR) greater than 7.

  • In the weakness type drop-down, filter the list by the following weakness types:

    • Misconfigurations

    • Vulnerabilities

    The weakness numbers at the top of the page and the weakness list update accordingly.

  • Use the Search box to search for a specific weakness in the list.

  • View a list of your weaknesses, including the following information:

    • Weakness Name — The Common Vulnerability Exposure (CVE) ID associated with the weakness.

    • Description — A brief description of the weakness.

    • Type — The type of weaknesses: Misconfiguration or Vulnerability.

    • Severity — The severity of the weakness, for example, Critical.

      Note: At this time, Tenable Inventory does not include information for Info level severity weaknesses.
      Note: Because Tenable One calculates CVEs using VPR and Tenable Cloud Security calculates using CVSS, you may notice a difference in severity across weaknesses between these applications.
    • VPR — The Vulnerability Priority Rating (VPR) of the weakness.

    • Impacted Assets — The number of assets impacted by the weakness. For more information, see Assets.

    • Choke Points — Instances of MITRE Att&ck techniques associated with this asset that are used in attack paths leading to critical assets. For more information, see Findings in the Attack Path Analysis User Guide.

      Tip: Click a choke point to navigate directly to the Findings page in the Attack Path Analysis user interface, filtered automatically by choke points that feature the weakness.
      Note: Because Attack Path Analysis aggregates the choke point by cause (for example, CVE, CWE) a single choke point may have multiple sources/targets. This may cause discrepancies in choke point counts between Weaknesses in Tenable Inventory and the sum of choke points within Attack Path Analysis.
    • Last seen — The date at which the weakness was last seen in a scan on the asset.

    • Sources — The application the weakness' asset originated from, for example, Tenable Vulnerability Management.

    • Click See details to view more details about a weakness. For more information, see View Weakness Details.