Vulnerability Details

On the Vulnerability Details page, you can do the following:

Section Action
Right section
Plugin Details

View information about the plugin that identified the vulnerability. Details include:

  • Publication Date — The date on which the plugin that identified the vulnerability was published.
  • Modification Date — The date on which the plugin was last modified.
  • Family — The family of the plugin that identified the vulnerability.
  • Type — The general type of plugin check (for example, local or remote).
  • Plugin ID — The ID of the plugin that identified the vulnerability.
Exploitability Information

View information about the vulnerability when the Exploit Available filter is applied. See Vulnerability Filters for more information.

Discovery

View information about when the vulnerability was discovered. Details include:

  • First Seen — The date when a scan first found the vulnerability on an asset.
  • Last Seen — The date when a scan last found the vulnerability on an asset.
  • Age — The number of days since a scan first found the vulnerability on an asset in your network.
VPR Key Drivers

View details about the key drivers Tenable used to calculate a VPR for the vulnerability. For more information about VPR key drivers, see CVSS vs. VPR.

Risk Information

View information about the risk that the vulnerability poses to your network. Details include:

  • Vulnerability Priority Rating (VPR) — The VPR Tenable calculated for the vulnerability.
  • Risk Factor — The CVSS-based risk factor associated with the plugin.
  • CVSS Base Score — The CVSSv2 base score (intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments).
  • CVSS Vector — The raw CVSSv2 metrics for the vulnerability. For more information, see CVSSv2 documentation.

For more information, see CVSS vs. VPR.

Vulnerability Information

View information about the vulnerability that the plugin identified. Details include:

  • Vuln Published — The date when the vulnerability definition was first published (for example, the date that the CVE was published).
  • Exploitability — Characteristics of the vulnerability that factor into its potential exploitability. Roll over the exploitability icons to view descriptions of characteristics.
  • Patch Published — The date on which the vendor published a patch for the vulnerability.
  • CPE — The Common Platform Enumeration (CPE) numbers for vulnerabilities that the plugin identifies.
Reference Information

View a list of references to third-party information about the vulnerability, exploit, or update associated with the plugin. Details include:

  • CVE — Link to external documentation of a CVE that the plugin identifies.
Upper-right corner
Date range selector
  • Change the date range for data showing on the tabs.For more information, see Tenable.io Tables.
  • Bottom section
    Assets Affected

    View information about vulnerability instances on assets in your network. Details include:

    • Time Since First Seen widgets for the vulnerability instances in your network.
    • A table listing the vulnerability instances that scans have identified on your assets.

    Note: Tenable.io displays only the first 500 affected assets.

    On this tab, you can:

    • Filter the vulnerability instances table using various attributes.
    • Search the vulnerability instances table. For more information, see Tenable.io Tables.

      Note: Tenable.io returns assets for which hostname/IP address starts with the specified text. For example, searching "192" returns only results that start with the same characters, such as "192.0.2.202" and "192.0.2.50."

    • Copy output for the plugin that identified the vulnerability instance.
    • Export vulnerability instance data.
    • Recast the vulnerability's severity, or accept the related risk.
    • Launch a remediation scan for the vulnerability on one or more assets.

    • Click a row in the vulnerability instances table to view asset details.
    Output

    View additional details about the plugin that identified the vulnerability. This tab contains information about the vulnerability and a table listing vulnerability instances on your network.

    When you access the Vulnerability Details page, this tab is active by default.

    Details on this tab include:

    • Description — The description of the Tenable plugin that identified the vulnerability.
    • Solution — A brief summary of how you can remediate the vulnerability.
    • See Also — Links to external websites that contain helpful information about the vulnerability.
    • Output — The text output of the Nessus scanner that identified the vulnerability.

      Note: Output for an individual plugin is limited to 1,024 KB (1 MB).

    In the Output section of the Details tab, you can:

    • Export vulnerability instance data.
    • Copy plugin output to your computer's clipboard.
    • View plugin attachments.
    • Launch a remediation scan for the vulnerability on one or more assets.
    • Click a row in the vulnerability instances table to view asset details.