Section |
Description |
Description
|
A description of the Tenable plugin that identified the vulnerability detected in the finding.
|
Solution
|
A brief summary of how you can remediate the vulnerability detected in the finding. Only appears if an official solution is available.
|
Workaround
|
The type of workaround recommended for the vulnerability, if any. Possible values are Configuration Change or Disable Service. If there is a workaround, Workaround Published also appears. |
AI Inventory
|
If a finding is AI-related, this section lists the AI/LLM-related tools found by Tenable's plugins. |
See Also
|
Links to websites that contain helpful information about the vulnerability detected in the finding. |
Asset Information
|
Information about the affected asset, including:
- Asset ID — The UUID of the asset where a scan detected the vulnerability.
- Name — The name of the asset where a scan detected the vulnerability. This value is unique to Tenable Vulnerability Management.
-
IPV4 Address — The IPv4 address for the affected asset.
-
IPV6 Address — The IPv6 address for the affected asset.
-
Operating System — The operating system that the scan identified as installed on the affected asset.
-
System Type — The type of operating system that the scan identified as installed on the affected asset.
-
Network — The name of the network object associated with scanners that identified the asset. The default name is Default. For more information, see Networks.
-
Public — Specifies whether the asset is available on a public network. A public asset is within the public IP space and identified by the is_public attribute in the Tenable Vulnerability Management query namespace.
-
Network Device Serial ID — The unique identifier of the asset as assigned by the manufacturer. This property is only available for network devices.
|
Cloud Misconfigurations
|
The number of resources that failed to comply with the configured policies. Click this number to go to the Cloud Misconfigurations tile and view the affected resources. |
Asset Scan Information
|
Information about the scan that detected the vulnerability, including:
-
First Seen — The date when a scan first found the vulnerability on an asset.
-
Last Seen — The date when a scan last found the vulnerability on an asset.
-
Last Licensed Scan — The date and time of the last scan in which the asset was considered "licensed" and counted towards Tenable's license limit. A licensed scan uses non-discovery plugins and can identify vulnerabilities. Unauthenticated scans that run non-discovery plugins update the Last Licensed Scan field, but not the Last Authenticated Scan field. For more information on how licenses work, see Tenable Vulnerability Management Licenses.
-
Last Authenticated Scan — The date and time of the last authenticated scan run against the asset. An authenticated scan that only uses discovery plugins updates the Last Authenticated Scan field, but not the Last Licensed Scan field.
-
Source — The source of the scan that detected the vulnerability on the affected asset.
-
Scan Origin — The scanner that detected the finding. It also helps identify whether the scan is a work-load scan. Possible values are: Tenable Vulnerability Management, Tenable Security Center, and Agentless Assessment.
-
Last Scan Target — The IP address or fully qualified domain name (FQDN) of the asset targeted in the last scan.
|
Additional Information
|
Additional information about the vulnerability findings, including:
-
Network —The name of the network object associated with scanners that identified the finding. The default network name is Default. For more information, see Networks.
-
DNS (FQDN) — The fully qualified domain name of the host on which the vulnerability identified in the finding was detected.
-
MAC Address — The static Media Access Control (MAC) address for the affected asset.
-
Tenable ID — The unique identifier for the Tenable account associated with the affected asset.
-
Installed Software — Software that a scan identified on the affected asset.
-
SSH Fingerprint — The SSH key fingerprints that scans have associated with the asset record.
|
Vulnerability Priority Rating (VPR)
|
(Requires Tenable Lumin license) A descriptive icon indicating the VPR of the vulnerability. For more information, see CVSS vs. VPR. |
Asset Criticality Rating (ACR)
|
(Requires Tenable Lumin license) Rates the criticality of an asset to the organization from 1 to 10. A higher value means the asset is more crucial to the business. For more information, see Tenable Lumin Metrics.
|
Finding State
|
A descriptive icon indicating the state of the vulnerability. For more information, see Vulnerability States. |
Vulnerability Information
|
Information about the vulnerability that the plugin identified, including:
-
Severity — The severity of the vulnerability on the finding.
-
Original Severity — The vulnerability's CVSS-based severity from when a scan first detected the finding.
-
Vuln Published — The oldest date on which the vulnerability was either documented in an advisory or published in the National Vulnerability Database (NVD).
- Exploitability — Characteristics of the vulnerability that factor into its potential exploitability.
- Exploitability Ease — A description of how easy it is to exploit the vulnerability.
-
Exploited With — The most common ways that the vulnerability may be exploited.
-
Exploited by Malware — Indicates whether the vulnerability is known to be exploited by malware.
-
Exploited by Nessus — Indicates whether Tenable Nessus exploited the vulnerability during the identification process.
-
In the News — Indicates whether this plugin has received media attention (for example, ShellShock, Meltdown).
-
Last Fixed — The last time a previously detected vulnerability was scanned and noted as no longer present on an asset.
-
Malware — Indicates whether the plugin that identified the vulnerability checks for malware.
-
Resurfaced Date — The most recent date that a scan detected a Resurfaced vulnerability which was previously Fixed. If a vulnerability is Resurfaced multiple times, only the most recent date appears.
-
Time Taken to Fix — How long it took your organization to fix a vulnerability identified on a scan, in hours or days. Only appears for Fixed vulnerabilities. Use this filter along with the State filter set to Fixed for more accurate results.
-
Unsupported by Vendor — Software found by this plugin is unsupported by the software's vendor (for example, Windows 95 or Firefox 3).
-
Vulnerability Age — The age of a vulnerability based on its State. For Active vulnerabilities, based on the time elapsed between First Seen and today's date. For Fixed vulnerabilities, based on the time elapsed between First Seen and Last Fixed or the time elapsed between Resurfaced and Last Fixed. For Resurfaced vulnerabilities, based on the time elapsed between Resurfaced and and today's date.
- Patch Published — Displays when a patch has been published for a vulnerability.
- Remediation Type — The type of fix recommended. Possible values are Patch, Workaround, Patch and Workaround, and No Fix.
- Workaround Type — Appears if the Remediation Type is Workaround. Possible values are Configuration Change or Disable Service.
- Port — The port that the scanner used to connect to the asset where the scan detected the vulnerability.
-
Protocol — The protocol the scanner used to communicate with the asset where the scan detected the vulnerability.
-
Live Result — Indicates whether the scan result is based on live results. In Agentless Assessment, you can use live results to view scan results for new plugins based on the most recently collected snapshot data, without running a new scan. The possible values are Yes or No. For more information, see Live Results for Agentless Assessment.
-
CPE — The Common Platform Enumeration (CPE) numbers for vulnerabilities that the plugin identifies.
-
Asset Inventory — This plugin is an Tenable Inventorynventory plugin.
-
Default Account — Any default credentials or accounts.
|
Discovery
|
Information about when Tenable Vulnerability Management first discovered the vulnerability, including:
-
First Seen — The date when a scan first found the vulnerability on an asset.
-
Last Seen — The date when a scan last found the vulnerability on an asset.
-
Age — The number of days since a scan first found the vulnerability on an asset in your network.
-
Resurfaced Date — The most recent date that a scan detected a Resurfaced vulnerability which was previously Fixed. If a vulnerability is Resurfaced multiple times, only the most recent date appears.
-
Vulnerability Age — The age of a vulnerability based on its current State:
-
New or Active — The time elapsed between First Seen and today's date.
-
Fixed — The time elapsed between First Seen and Last Fixed or between Resurfaced and Last Fixed.
-
Resurfaced — The time elapsed between Resurfaced and today's date.
|
VPR Key Drivers
|
Information about the key drivers Tenable uses to calculate a VPR for the vulnerability, including:
-
Threat Recency — The number of days (0-730) since a threat event occurred for the vulnerability.
-
Threat Intensity — The relative intensity based on the number and frequency of recently observed threat events related to this vulnerability: Very Low, Low, Medium, High, or Very High.
-
Exploit Code Maturity — The relative maturity of a possible exploit for the vulnerability based on the existence, sophistication, and prevalence of exploit intelligence from internal and external sources (for example, Reversinglabs, Exploit-db, Metasploit, etc.). The possible values (High, Functional, PoC, or Unproven) parallel the CVSS Exploit Code Maturity categories.
-
Age of Vuln — The number of days since the National Vulnerability Database (NVD) published the vulnerability.
-
Product Coverage — The relative number of unique products affected by the vulnerability: Low, Medium, High, or Very High.
-
CVSS3 Impact Score — The NVD-provided CVSSv3 impact score for the vulnerability. If the NVD did not provide a score, Tenable Vulnerability Management shows a Tenable-predicted score.
-
Threat Sources — A list of all sources (for example, social media channels, the dark web, etc.) where threat events related to this vulnerability occurred. If the system did not observe a related threat event in the past 28 days, the system shows No recorded events.
|
Plugin Details
|
Information about the plugin that detected the vulnerability, including:
-
Publication Date — The date on which the plugin that identified the vulnerability was published.
-
Modification Date —
The date on which the plugin was last modified.
-
Family — The family of the plugin that identified the vulnerability.
-
Type — The general type of plugin check (for example, local or remote).
-
Version — The version of the plugin that identified the vulnerability.
-
Plugin ID — The ID of the plugin that identified the vulnerability.
|
Risk Information
|
Information about the relative risk that the vulnerability presents to the affected asset, including:
-
Risk Factor — The CVSS-based risk factor associated with the plugin.
- CVSSV3 Base Score — Intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments.
-
CVSSV3 Temporal Score — Characteristics of a vulnerability that change over time.
-
CVSSV3 Vector — More CVSSv3 metrics for the vulnerability.
-
CVSSV2 Base Score — Intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments.
-
CVSSV2 Temporal Score — A score that denotes characteristics of a vulnerability that change over time, but not among user environments.
-
CVSSV2 Vector — More CVSSv2 metrics for the vulnerability.
-
STIG Severity — A vulnerability's severity rating based on the Department of Defense's Security Technical Implementation Guide (STIG).
|
Reference Information
|
Industry resources that provide additional information about the vulnerability.
|
Actions
|
In the upper-right corner, click the Actions button to view a drop-down where you can:
-
Export — Export to CSV or JSON, as described in Export from Explore Tables.
-
Generate Report — Generate a report from a template, as described in Reports.
-
Recast — Recast or accept finding severity, as described in Create Recast Rules from Findings.
-
View All Findings — View all findings for an asset, as described in View Asset Details.
-
View All Details — View complete details for a finding, as described in View Finding Details.
-
View All Details in New Tab — View complete details for an asset in a new browser tab.
-
Create Remediation Project — Start a new remediation project for an asset, as described in Remediation Projects.
-
Launch Remediation Scan — Start a remediation scan to follow up on existing scan results, as described in Launch a Remediation Scan.
|