Web Application Findings

Required Tenable Vulnerability Management User Role: Basic, Scan Operator, Standard, Scan Manager, or Administrator

On the Findings workbench, click the Web Application Findings tab to view your web application findings. Common web application findings include SQL injections, cross-site scripting, local file inclusions, security misconfigurations, and XML external entity processing.

The Web Application Findings tab contains a table with the following columns. To show or hide columns, see Customize Explore Tables.

Column Description
Asset ID

The UUID of the asset where a scan detected the vulnerability. This value is unique to Tenable Vulnerability Management.

Asset Name

The name of the asset where the scanner detected the vulnerability. This value is unique to Tenable Vulnerability Management.

IPv4 Address

The IPv4 address associated with the asset record.

This filter supports multiple asset identifiers as a comma-separated list (for example, hostname_example, example.com, 192.168.0.0). For IP addresses, you can specify individual addresses, CIDR notation (for example, 192.168.0.0/24), or a range (for example, 192.168.0.1-192.168.0.255).

Note: Tenable Vulnerability Management does not support a CIDR mask of /0 for this parameter, because that value would match all IP addresses. If you submit a /0 value for this parameter, Tenable Vulnerability Management returns a 400 Bad Request error message.

Severity

The vulnerability's CVSS-based severity. For more information, see CVSS vs. VPR.

Plugin Name

The name of the plugin that identified the vulnerability.

Plugin ID

The ID of the plugin that identified the vulnerability.

Plugin Family

The family of the plugin that identified the vulnerability.

CVSSv2 Base Score

The CVSSv2 base score (intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments).

Tenable Vulnerability Management shows the CVSSv2 or CVSSv3 column depending on the Vulnerability Severity Metric setting.

CVSSv3 Base Score

The CVSSv3 base score (intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments).

Tenable Vulnerability Management shows the CVSSv2 or CVSSv3 column depending on the Vulnerability Severity Metric setting.

State

The state of the vulnerability.

First Seen

The date when a scan first found the vulnerability on an asset.

Last Seen

The date when a scan last found the vulnerability on an asset.

Actions

In this column, click the button to view a drop-down where you can:

  • Export — Export to CSV or JSON, as described in Export from Explore Tables.

  • Recast — Recast or accept finding severity, as described in Create Recast Rules from Findings.

  • View All Findings — View all findings for an asset, as described in View Asset Details.

  • View All Details — View complete details for a finding, as described in View Finding Details.
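
The IPv4 Address filter syntax described above (comma-separated identifiers, CIDR notation, ranges, and the rejected /0 mask) can be checked client-side before a filter is submitted. The following Python code is an added example, not Tenable code: the function name classify_asset_filter and the rule that any entry that is not an IP address is treated as a hostname are assumptions, and the only rejection taken from this page is the /0 mask.

```python
import ipaddress


def _as_ipv4(text):
    """Return an IPv4Address, or None if text is not a dotted-quad address."""
    try:
        return ipaddress.IPv4Address(text)
    except ValueError:
        return None


def classify_asset_filter(value):
    """Classify each identifier in a comma-separated filter value.

    Returns a list of (kind, identifier) tuples. Raises ValueError for a /0
    mask, an invalid CIDR block, or a malformed or reversed range.
    """
    results = []
    for item in (part.strip() for part in value.split(",")):
        if not item:
            continue  # ignore empty entries such as a trailing comma
        if "/" in item:
            # strict=False tolerates host bits, e.g. 192.168.0.5/24
            net = ipaddress.IPv4Network(item, strict=False)
            if net.prefixlen == 0:
                # The page states that /0 is answered with 400 Bad Request
                raise ValueError(f"{item}: a /0 mask matches all IP addresses")
            results.append(("cidr", str(net)))
            continue
        start_text, dash, end_text = item.partition("-")
        start = _as_ipv4(start_text.strip())
        if dash and start is not None:
            end = _as_ipv4(end_text.strip())
            if end is None or end < start:
                raise ValueError(f"{item}: malformed or reversed range")
            results.append(("range", f"{start}-{end}"))
        elif _as_ipv4(item) is not None:
            results.append(("ip", item))
        else:
            # Assumption: anything else is a hostname; hyphens are legal there
            results.append(("hostname", item))
    return results


if __name__ == "__main__":
    # Sample values taken from the filter description on this page
    print(classify_asset_filter(
        "hostname_example, example.com, 192.168.0.0/24, 192.168.0.1-192.168.0.255"))
```

Running the check before export or API calls catches a /0 entry locally instead of through the 400 Bad Request response; how the service itself parses hostnames and ranges may differ from this example.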