Vulnerability Findings Details

Required User Role: Read-Only, Basic User, Scan Operator, Standard User, Scan Manager, or Administrator

On the Findings page, select a Vulnerability finding to open a details pane. Then, click to expand the pane.

The upper part of the Vulnerability Details pane contains the following information.

Attribute

Description

Vulnerability Name

The name of the vulnerability, displayed as the title of the details pane.

Finding ID

The unique identifier for the specific finding instance.

Nessus Plugin ID

The ID of the Nessus plugin that detected the vulnerability. Click the ID to open the plugin details on the Tenable Plugin Search page.

Severity

The severity level of the vulnerability, displayed as a color-coded badge. Possible values are Critical, High, Medium, Low, and Info.

State

The current state of the finding. Possible values are Active, New, Resurfaced, and Fixed.

VPR

The Vulnerability Priority Rating score (0–10), indicating the likelihood of exploitation.

VPR (Beta)

The updated VPR score from the beta scoring model (0–10).

CVSSv2

The CVSSv2 base score (0–10).

ACR

(Requires Tenable One / Tenable Lumin license) The Tenable-defined Asset Criticality Rating (ACR) is an integer from 1 to 10.

ACR helps prioritize remediation by identifying which vulnerabilities affect your most critical assets.

The lower part of the Vulnerability Details pane is divided into tabs.

Details

The Details tab breaks down information about the vulnerability finding. Sections appear only when the finding contains the relevant data.

Section

Description

Description

A summary of the vulnerability from the plugin, including what the vulnerability is and its potential impact. Select Read more to expand the full description.

Plugin Output

The raw output that the plugin returns when it detects the vulnerability on the asset. Content varies by plugin.

Vulnerability Information

Information about the vulnerability, including:

  • Severity — Severity level: Info, Low, Medium, High, or Critical.
  • Vulnerability Published — Date the vendor publicly disclosed the vulnerability.
  • Exploitability — Indicates how easily an attacker can exploit the vulnerability.
  • Patch Published — Date a vendor made a patch available.
  • Remediation Type — Type of remediation available (for example, Patch).
  • Exploitability Ease — Description of how easily exploits can be executed.
  • Exploited By Malware — Indicates whether known malware exploits the vulnerability.
  • Port — Port on which Tenable detected the vulnerability.
  • Protocol — Network protocol associated with the finding (for example, TCP).
  • Live Result — Indicates whether the result is a live scan result.

Fixes

Remediation information for the vulnerability, including:

  • Solution — Recommended remediation action provided by the plugin.
  • Workaround — Interim mitigation steps, if available.
  • See Also — Links to external references and advisories related to the vulnerability.

Vulnerability Detection Timeline

Timeline data for when the vulnerability was detected, including:

  • First Seen — Date and time Tenable first detected the vulnerability on this asset.
  • Last Seen — Date and time Tenable most recently detected the vulnerability on this asset.
  • Vuln SLA Date — SLA deadline date for remediating the vulnerability, based on your configured SLA policy.
  • Vulnerability Age — Number of days since Tenable first detected the vulnerability.

VPR Key Drivers

The factors that contribute to the VPR score, including:

  • Age of Vuln — How long the vulnerability has been known (for example, 731 days+).
  • CVSSv3 Impact Score — The CVSSv3 impact subscore for the vulnerability.
  • Exploit Code Maturity — Maturity level of known exploit code (for example, POC, Functional).
  • Product Coverage — Breadth of affected products (for example, Low, Medium, High).
  • Threat Sources — Known threat sources associated with the vulnerability.
  • Threat Intensity — Intensity of observed threat activity (for example, Very Low, High).

VPR (Beta) Key Drivers

The factors that contribute to the VPR (Beta) score, including:

  • VPR — Vulnerability Priority Rating score (0–10).
  • VPR (Beta) — Updated VPR score from the beta scoring model.
  • VPR (Beta) Key Driver CVE ID — CVE identifier for the primary vulnerability driving the VPR (Beta) score.
  • VPR (Beta) Key Driver Exploit Code Maturity — Maturity of exploit code as used in the VPR (Beta) calculation.
  • VPR (Beta) Key Driver Exploit Probability — Estimated probability that the vulnerability will be exploited.
  • VPR (Beta) Key Driver In the News Intensity, last 30 days — Intensity of news coverage about the vulnerability in the past 30 days.
  • VPR (Beta) Key Driver In the News Recency — How recently the vulnerability has been covered in the news.
  • VPR (Beta) Key Driver Malware Observations Intensity, last 30 days — Intensity of malware activity associated with the vulnerability in the past 30 days.
  • VPR (Beta) Key Driver Malware Observations Recency — How recently malware activity related to the vulnerability has been observed.
  • VPR (Beta) Key Driver On CISA KEV — Indicates whether the vulnerability appears on the CISA Known Exploited Vulnerabilities catalog.
  • VPR (Beta) Key Driver VPR Percentile — Percentile rank of the VPR (Beta) score relative to all vulnerabilities.
  • VPR (Beta) Key Driver VPR Severity — Severity classification derived from the VPR (Beta) score.

Plugin Details

Technical details about the Nessus plugin that detected the vulnerability, including:

  • Plugin Published — Date Tenable first published the plugin.
  • Plugin Updated — Date Tenable last updated the plugin.
  • Plugin Family — Plugin family category (for example, Windows : Microsoft Bulletins).
  • Plugin Type — Type of plugin (for example, Local, Remote).
  • Plugin Version — Version number of the plugin.

CVEs

CVE identifiers associated with the vulnerability that the plugin detected.

Risk Information

Risk scoring and classification for the vulnerability, including:

  • Risk Factor — Overall risk classification (for example, Critical, High, Medium, Low).
  • CVSSv3 Base Score — CVSSv3 base score (0–10).
  • CVSSv3 Vector — CVSSv3 vector string describing the scoring characteristics.
  • CVSSv3 Temporal Score — CVSSv3 temporal score, adjusted for exploit maturity and remediation level.
  • CVSSv3 Temporal Vector — CVSSv3 temporal vector string.
  • CVSSv2 Base Score — CVSSv2 base score (0–10).
  • CVSSv2 Vector — CVSSv2 vector string.
  • CVSSv2 Temporal Score — CVSSv2 temporal score.
  • CVSSv2 Temporal Vector — CVSSv2 temporal vector string.
  • STIG Severity — STIG severity category (for example, CAT I, CAT II, CAT III).
  • Risk Modified — Indicates whether a recast or accept rule modified the risk.
  • RCE — Indicates whether the vulnerability enables remote code execution.
  • Watchlist — Indicates whether the vulnerability is on the Tenable watchlist.
  • PoC Available — Indicates whether a proof-of-concept exploit is publicly available.

References

External reference identifiers associated with the vulnerability, such as Bugtraq IDs, Microsoft Security Bulletins (MSFT), and Microsoft Knowledge Base articles (MSKB).

Note: To change the severity of a vulnerability finding, use Add Recast Rule from the menu. See Add a Recast Rule.

Asset Summary

The Asset Summary tab contains details about the asset associated with the finding.

Section

Description

Asset

Information about the affected asset, including:

  • Asset Name — Name of the asset on which Tenable detected the vulnerability.
  • Asset ID — Unique identifier for the asset.
  • System Type — Classification of the system (for example, general-purpose, router).
  • Operating System — Operating system running on the asset.
  • Public — Indicates whether the asset is publicly accessible.
  • IPv4 Addresses — IPv4 addresses associated with the asset.
  • Network — Network the asset belongs to (for example, Default).
  • MAC Addresses — MAC addresses associated with the asset's network interfaces.
  • Tenable ID — The Tenable-assigned identifier for the asset.
  • Related Findings — The number of other findings associated with the same asset.
  • DNS (FQDN) — Fully qualified domain name of the asset.

Click Open in Assets to view the full asset record in Explore > Assets.

Tags

Tags applied to the asset. Select More to view all tags. Tags appear only when assigned to the asset.

CPE

Common Platform Enumeration (CPE) identifiers for the software products installed on the asset. CPE appears only when the asset has CPE data available.

Last Seen

Information about when the asset was last identified on a scan, including:

  • First Seen — Date and time a scan first detected the asset.
  • Last Seen — Date and time a scan most recently detected the asset.
  • Last Authenticated Scan — Date and time of the most recent authenticated scan of the asset.
  • Last Licensed Scan — Date and time of the most recent licensed scan of the asset.
  • Sources — Scan sources that have observed the asset (for example, Nessus Scan).
  • Scan Origin — Platform that performed the scan (for example, Tenable Vulnerability Management).

Affected Products

The Affected Products tab lists software products installed on the asset that are affected by the vulnerability. Expand a row to view the Assets and Findings associated with that product.

Column

Description

Vendor

The vendor of the affected software product.

Product

The name of the affected software product.

Product Type

The type or category of the software product.

Version

The version of the affected software product installed on the asset.

Path

The file system path where the software is installed.

End Of Life

Indicates whether the software product has reached end of life.

Assets

The number of assets where this product version is installed.

Vuln Count

The number of vulnerabilities associated with this product version.

Tickets

The number of integration tickets associated with this product version.

Ticket Logs

The Ticket Logs tab displays integration tickets associated with the finding, such as Jira or ServiceNow tickets created through Tenable integrations.

Column

Description

Date Created

The date the ticket was created.

Integration

The name of the ticketing integration (for example, Jira, ServiceNow).

Owner

The user assigned to the ticket.

Key

The ticket key or identifier in the external system.

Content

A summary of the ticket content or title.

Status

The current status of the ticket in the external system.

Create Method

The method used to create the ticket (for example, Manual, Automatic).

Last Updated

The date and time the ticket was most recently updated.