Web Application Findings

Required Tenable Vulnerability Management User Role: Basic, Scan Operator, Standard, Scan Manager, or Administrator

Note:Tenable Vulnerability Management retains findings data for 15 months.

On the Findings page, you can view your web application findings in the Web Application Findings tab.

Your organization's web application findings are shown in a table that contains the following columns.

Note: Not all the following columns appear by default. To view columns that do not appear by default, add them to the table. For more information, see Tenable Vulnerability Management Workbench Tables.

Column Description
Asset ID The UUID of the asset where a scan detected the vulnerability. This value is unique to Tenable Vulnerability Management.
Asset Name

The name of the asset where the scanner detected the vulnerability. This value is unique to Tenable Vulnerability Management.

IPv4 Address

The IPv4 address associated with the asset record.

This filter supports multiple asset identifiers as a comma-separated list (for example, hostname_example, example.com, 192.168.0.0). For IP addresses, you can specify individual addresses, CIDR notation (for example, 192.168.0.0/24), or a range (for example, 192.168.0.1-192.168.0.255).

Note:Tenable Vulnerability Management does not support a CIDR mask of /0 for this parameter, because that value would match all IP addresses. If you submit a /0 value for this parameter, Tenable Vulnerability Management returns a 400 Bad Request error message.

Severity

The vulnerability's CVSS-based severity. For more information, see CVSS vs. VPR.

Plugin Name

The name of the plugin that identified the vulnerability.

Plugin ID

The ID of the plugin that identified the vulnerability.

Plugin Family

The family of the plugin that identified the vulnerability.

CVSSv2 Base Score

The CVSSv2 base score (intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments).

Tenable Vulnerability Management shows the CVSSv2 or CVSSv3 column depending on the Vulnerability Severity Metric setting.

CVSSv3 Base Score The CVSSv3 base score (intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments).

Tenable Vulnerability Management shows the CVSSv2 or CVSSv3 column depending on the Vulnerability Severity Metric setting.

State

The state of the vulnerability.

First Seen

The date when a scan first found the vulnerability on an asset.

Last Seen The date when a scan last found the vulnerability on an asset.
Actions

Shows an interactive button that allows you to complete certain actions with the finding.

This column appears in the table by default and you cannot remove or configure it.

To view and complete actions with a finding in the findings table:

  1. In the row for the finding for which you want to complete an action, in the Actions column, click the button.

    The action menu appears in the row.

  2. Click the action you want to complete.

    A page, plane, or window appears with steps to complete the action.