View Web App Scanning Vulnerability Details

Required Additional License: Tenable Web App Scanning

Required Tenable Nessus Version: 10.6.1 or later

Required Tenable Security Center User Role: Organizational user with appropriate permissions. For more information, see User Roles.

You can drill into web app scanning vulnerabilities to view details for each vulnerability instance found on your network.

Tip: A vulnerability instance is a single instance of a web app vulnerability appearing on an asset, identified uniquely by plugin ID, port, protocol, URL, input type, input name, and HTTP method.

To view web app scanning vulnerability instance details:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Analysis > Web App Scanning.

    The Web App Scanning page appears.

  3. In the drop-down box, click Web App Vuln Detail List.

    The Web App Vuln Detail List tool appears.

    In this tool, you can:

    Section: Actions

    Options menu
    arrows: Click the arrows to view other vulnerability instances related to the plugin.
    toolbar
    Synopsis and Description: View information about the plugin, vulnerability instance, and affected assets.
    See Also: View related links about the plugin or vulnerability.
    Affected Host Asset: View details about the affected host asset, as well as the plugin output.
    Discovery: View details about when the vulnerability was first discovered and last observed on your network.
    Asset Criticality Rating: View the ACR value for the vulnerability. For more information about ACR values, see Asset Criticality Rating in the Tenable Vulnerability Management User Guide.
    Asset Exposure Score: View the AES value for the vulnerability. For more information about AES values, see Asset Exposure Score in the Tenable Vulnerability Management User Guide.
    Risk Information: View metrics (for example, CVSS score, VPR, and EPSS) about the risk associated with the vulnerability.
    Exploit Information: View details about the exploit.
    Plugin Details: View details about the plugin.
    Attachments: View related attachments for the vulnerability, including the HTTP request and response.