View Weakness Details

In the Weaknesses view, you can view details for any weakness in the list.

To view weakness details:

  1. Access the Weaknesses view.

  2. In the row of the weakness for which you want to view details, click See details.

    The weakness details page appears.

On the weakness details page, you can:

  • View the Weakness Name.

  • View the Severity of the weakness, for example, Critical.

    Note: Because Tenable One calculates CVEs using VPR and Tenable Cloud Security calculates using CVSS, you may notice a difference in severity across weaknesses between these applications.

  • View the Vulnerability Priority Rating (VPR) of the weakness.

  • View the number of Impacted Assets associated with the weakness.

    • Click See Details to view the list of included assets.

  • View the Choke Points for the weakness.

    Tip: A choke point is a place where potential attack paths merge together before reaching a critical asset. Attack Path Analysis uses Choke Point priority as a prioritization metric for attack techniques based on the number of attack paths exploiting the attack, the number of critical assets it leads to, and complexity of the attack. Tenable recommends focusing on areas with higher choke points first, as remediating those will negate the largest number of critical items within your organization.
    Note: Because Attack Path Analysis aggregates the choke point by cause (for example, CVE, CWE) a single choke point may have multiple sources/targets. This may cause discrepancies in choke point counts between Weaknesses in Tenable Inventory and the sum of choke points within Attack Path Analysis.

    • Hover over the priority to view the full breakdown of the choke points associated with the weakness, and their relative criticalities.

    • Click the metric to navigate directly to the Findings page in the Attack Path Analysis user interface, filtered automatically by attack paths that feature the weakness.

  • View the date at which the weakness was Last Seen in a scan on the asset.

  • View the date at which the weakness was First Seen in a scan on the asset.

  • View the date at which the weakness was Last Modified.

  • View the weakness' Publication Date.

  • View a Description of the weakness.

  • This list includes the following information:

    • Name — The asset identifier. Tenable Inventory assigns this identifier based on the presence of certain asset attributes in the following order:

      1. Agent Name (if agent-scanned)

      2. NetBIOS Name

      3. FQDN

      4. IPv6 address

      5. IPv4 address

      For example, if scans identify a NetBIOS name and an IPv4 address for an asset, the NetBIOS name appears as the Asset Name.

    • AES — The Asset Exposure Score for the asset. The AES represents the asset's relative exposure as an integer between 0 and 1000. A higher AES indicates higher exposure.

      Note:Tenable Inventory does not calculate an AES for unlicensed assets.

    • Class — The class type associated with the asset. For more information, see Asset Classes.

    • Weaknesses — The weaknesses associated with the asset. For more information, see Weaknesses.

      Tip: Click on a Weakness count to navigate directly to the Weaknesses view.

    • Choke Points — The number of places where this weakness could potentially meet with another attack path before reaching a critical asset.

      Tip: Attack Path Analysis uses Choke Point priority as a prioritization metric for attack techniques based on the number of attack paths exploiting the attack, the number of critical assets it leads to, and complexity of the attack.

      • Hover over the priority to view the full breakdown of the choke points associated with the weakness, and their relative criticalities.

      • Click the button to navigate directly to the Findings page in the Attack Path Analysis user interface, filtered automatically by attack paths that feature the weakness.

    • Number of tags — The number of tags applied to the asset. For more information on tagging an asset, see Tag Assets via the Assets View.

    • Last updated — The date and time at which the asset was last updated.

    • Sources — The application the asset originated from, for example, Tenable Vulnerability Management.

    • Click See details to view more details about an asset. For more information, see View Asset Details.

  • At the bottom of the page, view any Plugin Output associated with the weakness.