Vulnerability Metrics
In the right-hand Vulnerability Metrics pane, review key details in the following sections.
General Information
In the General Information section, review when a vulnerability was first discovered, how exploitable it is, and other details.
|
Field |
Description |
|---|---|
|
Tenable Discovery Date |
Indicates the date Tenable first discovered the vulnerability. |
|
NVD Published Date |
Indicates the date that the National Vulnerability Database (NVD) added the vulnerability. |
|
Exploitability |
Describes how easy it is to exploit the vulnerability (for example, Low Complexity, Network Exploitability). |
|
Exploit Maturity |
The highest level of exploit maturity for the vulnerability: Unproven, PoC, Functional, or High. Drawn from Tenable’s research, as well as key external sources. |
|
First Proof of Concept |
Indicates the date the first proof of concept for the vulnerability was released. |
|
First Functional Exploit |
Indicates the date the first functional exploit for the vulnerability was released. |
Risk Profile
In the Risk Profile section, see if the Tenable Research Team is tracking a vulnerability, learn which categories it belongs to, and find out if it can be exploited from a remote network.
|
Field |
Description |
|---|---|
|
Categories |
Indicates the categories the vulnerability belongs to, as described in Vulnerability Categories. Most vulnerabilities do not have a category. |
|
Tenable Research Watchlist |
Indicates that Tenable is actively monitoring the vulnerability since it is being publicly discussed, has a viable proof of concept, and/or is widely used. |
|
Remotely Exploitable |
Indicates if the vulnerability can be exploited from a remote network. |
|
Proof of Concept Available |
Indicates if Tenable has identified a proof of concept for this vulnerability. |
Severity Metrics
In the Severity Metrics section, view Common Vulnerability Scoring System (CVSS) v2, v3, or v4, depending on which are available, along with their vector strings.
|
Field |
Description |
|---|---|
|
CVSSv4 Base Score |
Indicates the CVSSv4 score. When not available from NVD, Tenable determines this score. To learn more, see CVSS vs. VPR. |
|
CVSSv4 Vector |
Lists a vector string with the values used to calculate the CVSSv4 score, for example: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. To learn more, see the CVSSv4 calculator on the FIRST website. |
|
CVSSv3 Base Score |
Indicates the CVSSv3 score. When not available from NVD, Tenable determines this score. To learn more, see CVSS vs. VPR. |
|
CVSSv3 Vector |
Lists a vector string with the values used to calculate the CVSSv3 score, for example: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. To learn more, see the CVSSv3 calculator on the FIRST website. |
|
CVSSv2 Base Score |
Indicates the CVSSv2 score. When not available from NVD, Tenable determines this score. |
|
CVSSv2 Vector |
Lists a vector string with the values used to calculate the CVSSv2 score. |
Latest Plugin Coverage
In the Latest Plugin Coverage section, view the most recent Tenable Nessus and Tenable Web App Scanning plugins to detect the vulnerability. Click the links to view plugin details on Tenable’s website.
|
Field |
Description |
|---|---|
|
Nessus |
Lists the release date of the newest Tenable Nessus plugin to identify the vulnerability. |
|
Web App Scanning |
Lists the release date of the newest (Undefined variable: WebApplicationScanning.WAS) plugin to identify the vulnerability. |