Vulnerability Findings Details

Required Tenable.io Vulnerability Management User Role: Basic, Scan Operator, Standard, Scan Manager, or Administrator

On the Findings page, you can click a vulnerability finding to view basic details about the finding in the preview panel. You can view more details about the vulnerability finding on the Vulnerability Details page.

The following tables describe the information that appears in each option:

Preview Panel
Vulnerability Details

Preview Panel

The preview panel shows the following details about the host vulnerability finding:

Section	Description
Left section
Header	The name of the plugin that detected the vulnerability identified in the finding.
Asset Information	Information about the affected asset, including: Asset ID — The UUID of the asset where a scan detected the vulnerability. This value is unique to Tenable.io. Name — The name of the asset where a scan detected the vulnerability. This value is unique to Tenable.io. IPV4 Address — The IPv4 address for the affected asset. IPV6 Address — The IPv6 address for the affected asset. Operating System — The operating system that the scan identified as installed on the affected asset. System Type — The system type for the affected asset, determined by plugin data. Network — The name of the network object associated with scanners that identified the asset. The default network name is Default. For more information about networks, see Networks. DNS (FQDN) — The fully qualified domain name of the host on which the vulnerability identified in the finding was detected.
Additional Information	The number of resources that failed to comply with the configured policies. Click this number to go to the Cloud Misconfigurations tab and view the affected resources.
Asset Scan Information	Information about the scan that detected the vulnerability, including: First Seen — The date when a scan first found the vulnerability on an asset. Last Seen — The date when a scan last found the vulnerability on an asset. Last Authenticated Scan — The date and time of the last authenticated scan run against the asset. An authenticated scan that only uses discovery plugins updates the Last Authenticated Scan field, but not the Last Licensed Scan field. Source — The source of the scan that detected the vulnerability on the affected asset. Scan Origin — The scanner that detected the finding. It also helps identify whether the scan is a work-load scan. Possible values for this column are: Tenable.io, Tenable.sc, and Agentless Assessment.
Reference Information	Industry resources that provide additional information about the vulnerability.
Center section
Vulnerability Information	Information about the vulnerability detected in the finding, including: Severity — The severity of the vulnerability on the finding. Plugin ID — The ID of the plugin that identified the vulnerability. CVSSV3 Base Score — The CVSSv3 base score (intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments). CVSSV3 Vector — More CVSSv3 metrics for the vulnerability. CVSSV2 Base Score — The CVSSv2 base score (intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments). CVSSV2 Vector — More CVSSv2 metrics for the vulnerability. Port — The port that the scanner used to connect to the asset where the scan detected the vulnerability. Protocol — The protocol the scanner used to communicate with the asset where the scan detected the vulnerability. Live Results — This column indicates whether the scan result is based on live results. In Agentless Assessment, you can use live results to view scan results for new plugins based on the most recently collected snapshot data, without running a new scan. The possible values are Yes or No. For more information, see Live Results for Agentless Assessment.
Discovery	Information about when Tenable.io first discovered the vulnerability, including: First Seen — The date when a scan first found the vulnerability on an asset. Last Seen — The date when a scan last found the vulnerability on an asset.
VPR Key Drivers	Information about the key drivers Tenable used to calculate a VPR for the vulnerability identified in the finding, including: VPR Score — The Vulnerability Priority Rating (VPR) of the vulnerability. For more information, see CVSS vs. VPR. Threat Recency — The number of days (0-730) since a threat event occurred for the vulnerability. Threat Intensity — The relative intensity based on the number and frequency of recently observed threat events related to this vulnerability: Very Low, Low, Medium, High, or Very High. Exploit Code Maturity — The relative maturity of a possible exploit for the vulnerability based on the existence, sophistication, and prevalence of exploit intelligence from internal and external sources (for example, Reversinglabs, Exploit-db, Metasploit, etc.). The possible values (High, Functional, PoC, or Unproven) parallel the CVSS Exploit Code Maturity categories. Age of Vuln — The number of days since the National Vulnerability Database (NVD) published the vulnerability. Product Coverage — The relative number of unique products affected by the vulnerability: Low, Medium, High, or Very High. CVSS3 Impact Score — The NVD-provided CVSSv3 impact score for the vulnerability. If the NVD did not provide a score, Tenable.io shows a Tenable-predicted score. Threat Sources — A list of all sources (for example, social media channels, the dark web) where threat events related to this vulnerability occurred. If the system did not observe a related threat event in the past 28 days, the system shows No recorded events.
Right section
Description	The description of the Tenable plugin that identified the vulnerability. The description appears in the Overview tab.
Solution	A brief summary of how you can remediate the vulnerability. The solution appears in the Overview tab.
Plugin Output	Details about vulnerability that the plugin detected on your assets.

Vulnerability Details Page

The Vulnerability Details page shows the following details about the vulnerability detected in the finding:

Section	Description
Top section
Description	A description of the Tenable plugin that identified the vulnerability detected in the finding.
Solution	A brief summary of how you can remediate the vulnerability detected in the finding. This section appears only if an official solution is available.
See Also	Links to external websites that contain helpful information about the vulnerability detected in the finding.
Lower section
Asset Information	Information about the affected asset, including: Asset ID — The UUID of the asset where a scan detected the vulnerability. This value is unique to Tenable.io. Name — The name of the asset where a scan detected the vulnerability. This value is unique to Tenable.io. IPV4 Address — The IPv4 address for the affected asset. Operating System — The operating system that the scan identified as installed on the affected asset. System Type — The type of operating system that the scan identified as installed on the affected asset.
Cloud Misconfigurations	The number of resources that failed to comply with the configured policies. Click this number to go to the Cloud Misconfigurations tab and view the affected resources.
Asset Scan Information	Information about the scan that detected the vulnerability, including: First Seen — The date when a scan first found the vulnerability on an asset. Last Seen — The date when a scan last found the vulnerability on an asset. Last Authenticated Scan — The date and time of the last authenticated scan run against the asset. An authenticated scan that only uses discovery plugins updates the Last Authenticated Scan field, but not the Last Licensed Scan field. Source — The source of the scan that detected the vulnerability on the affected asset. Scan Origin — The scanner that detected the finding. It also helps identify whether the scan is a work-load scan. Possible values for this column are: Tenable.io, Tenable.sc, and Agentless Assessment.
Additional Information	Additional information about the vulnerability findings, including: Network —The name of the network object associated with scanners that identified the finding. The default network name is Default. For more information, see Networks. DNS (FQDN) — The fully qualified domain name of the host on which the vulnerability identified in the finding was detected. MAC Address — The static Media Access Control (MAC) address for the affected asset. Tenable ID — The unique identifier for the Tenable account associated with the affected asset. Installed Software — Software that a scan identified on the affected asset.
Right section
Actions	Export — Select this to export the finding. See Export Findings. Recast — Select this to recast the finding. See Create Recast/Accept Rules in Findings. Launch Remediation Scan — Select this to launch remediation scan. See Launch a Remediation Scan. View all findings — Select this link to navigate to the Findings page.
Vulnerability Priority Rating (VPR)	(Requires Lumin license) A descriptive icon indicating the VPR of the vulnerability. For more information, see CVSS vs. VPR.
Finding State	A descriptive icon indicating the state of the vulnerability. For more information, see Vulnerability States.
Vulnerability Information	Information about the vulnerability that the plugin identified, including: Severity — The severity of the vulnerability on the finding. Exploitability — Characteristics of the vulnerability that factor into its potential exploitability. Port — The port that the scanner used to connect to the asset where the scan detected the vulnerability. Protocol — The protocol the scanner used to communicate with the asset where the scan detected the vulnerability. Live Results — This column indicates whether the scan result is based on live results. In Agentless Assessment, you can use live results to view scan results for new plugins based on the most recently collected snapshot data, without running a new scan. The possible values are Yes or No. For more information, see Live Results for Agentless Assessment.
Discovery	Information about when Tenable.io first discovered the vulnerability, including: First Seen — The date when a scan first found the vulnerability on an asset. Last Seen — The date when a scan last found the vulnerability on an asset. Age — The number of days since a scan first found the vulnerability on an asset in your network.
VPR Key Drivers	Information about the key drivers Tenable uses to calculate a VPR for the vulnerability, including: Threat Recency — The number of days (0-730) since a threat event occurred for the vulnerability. Threat Intensity — The relative intensity based on the number and frequency of recently observed threat events related to this vulnerability: Very Low, Low, Medium, High, or Very High. Exploit Code Maturity — The relative maturity of a possible exploit for the vulnerability based on the existence, sophistication, and prevalence of exploit intelligence from internal and external sources (for example, Reversinglabs, Exploit-db, Metasploit, etc.). The possible values (High, Functional, PoC, or Unproven) parallel the CVSS Exploit Code Maturity categories. Age of Vuln — The number of days since the National Vulnerability Database (NVD) published the vulnerability. Product Coverage — The relative number of unique products affected by the vulnerability: Low, Medium, High, or Very High. CVSS3 Impact Score — The NVD-provided CVSSv3 impact score for the vulnerability. If the NVD did not provide a score, Tenable.io shows a Tenable-predicted score. Threat Sources — A list of all sources (for example, social media channels, the dark web, etc.) where threat events related to this vulnerability occurred. If the system did not observe a related threat event in the past 28 days, the system shows No recorded events.
Plugin Details	Information about the plugin that detected the vulnerability, including: Publication Date — The date on which the plugin that identified the vulnerability was published. Modification Date — The date on which the plugin was last modified. Family — The family of the plugin that identified the vulnerability. Type — The general type of plugin check (for example, local or remote). Version — The version of the plugin that identified the vulnerability. Plugin ID — The ID of the plugin that identified the vulnerability.
Risk Information	Information about the relative risk that the vulnerability presents to the affected asset, including: Risk Factor — The CVSS-based risk factor associated with the plugin. CVSSV2 Base Score — The CVSSv2 base score (intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments). CVSSV2 Vector — More CVSSv2 metrics for the vulnerability. CVSSV3 Base Score — The CVSSv3 base score (intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments). CVSSV3 Vector — More CVSSv3 metrics for the vulnerability. STIG Severity — The vulnerability's severity rating based on the Department of Defense's Security Technical Implementation Guide (STIG).
Reference Information	Industry resources that provide additional information about the vulnerability.