View Findings Details

On the Findings page, click a finding to open a pane of details. Then, click to expand the pane.

The upper part of the Findings Details page contains the following information.

Attribute

Description

Finding Name

The name of the finding, for example Microsoft Netlogon Elevation of Privilege (Zerologon) (Remote).

Nessus Plugin ID

If relevant, the unique identifier for the Tenable Nessus plugin that found the vulnerability.

Severity

The vulnerability's CVSS-based severity. For more information, see CVSS vs. VPR.
State

The state of the vulnerability, for example Active.
Exploitability

Icons indicating characteristics of the vulnerability that determine its potential exploitability; for example, Exploited By Malware or Remotely Exploitable.
VPR The vulnerability's vulnerability priority rating.
CVSSv2 The corresponding vulnerability's CVSSv2 base score.
ACR (Requires Tenable One or Tenable Lumin license) The Tenable-defined Asset Criticality Rating (ACR).

The lower part of the Findings Details page is divided into tabs. Not all information appears for all findings types.

Details

The Details tab breaks down information about a finding including its description and details for the corresponding vulnerability.

Section

Description
Description A description of the corresponding vulnerability.
Plugin Output Output from the plugin that identified the vulnerability.

Vulnerability Information

Important information about the vulnerability, including the following attributes:

  • Severity — The vulnerability's CVSS-based severity.

  • Vulnerability Published — The oldest date on which the vulnerability was either documented in an advisory or published in the National Vulnerability Database (NVD).

  • Exploitability — Characteristics of the vulnerability that determine its potential exploitability.

  • Patch Published — When a patch for the vulnerability was published.

  • Remediation Type — The type of fix recommended. Possible values are Patch, Workaround, Patch and Workaround, and No Fix.

  • Exploitability Ease — A description of how easy it is to exploit the vulnerability.

  • Exploited By Malware — Whether the vulnerability is known to be exploited by malware.

  • Port — The port the scanner used to connect to the asset where the vulnerability was found.

  • Protocol — The protocol the scanner used to communicate with the asset where the vulnerability was found.

  • Live Result — A Yes or No value that indicates if the scan result is based on live results, which you can use in Agentless Assessment to view scan results for new plugins based on recently collected snapshot data, without running a new scan.
Fixes

If available, details about fixes for the vulnerability, including:

  • Solution — A summary of how to officially remediate the vulnerability.

  • Workaround — The type of recommended workaround; possible values are Configuration Change or Disable Service.

  • See Also — Links to websites with helpful information about the vulnerability.
Vulnerability Detection Timeline

Information about when the vulnerability was detected, including:

  • First Seen — The date when a scan first found the vulnerability on an asset.

  • Last Seen — The date when a scan last found the vulnerability on an asset.

  • Vulnerability Age — The age of a vulnerability based on its State. For Active vulnerabilities, based on the time elapsed between First Seen and today's date. For Fixed vulnerabilities, based on the time elapsed between First Seen and Last Fixed or the time elapsed between Resurfaced and Last Fixed. For Resurfaced vulnerabilities, based on the time elapsed between Resurfaced and and today's date.
VPR Key Drivers

Information about the key drivers Tenable uses to calculate a VPR for the vulnerability, including:

  • Age of Vuln — The number of days since the National Vulnerability Database (NVD) published the vulnerability.

  • CVSS3 Impact Score — The NVD-provided CVSSv3 impact score for the vulnerability. If the NVD did not provide a score, Tenable Vulnerability Management shows a Tenable-predicted score.

  • Exploit Code Maturity — The relative maturity of a possible exploit for the vulnerability based on the existence, sophistication, and prevalence of exploit intelligence from internal and external sources (for example, Reversinglabs, Exploit-db, Metasploit, etc.). The possible values (High, Functional, PoC, or Unproven) parallel the CVSS Exploit Code Maturity categories.

  • Product Coverage — The relative number of unique products affected by the vulnerability: Low, Medium, High, or Very High.

  • Threat Sources — A list of all sources (for example, social media channels, the dark web, etc.) where threat events related to this vulnerability occurred. If the system did not observe a related threat event in the past 28 days, the system shows No recorded events.

  • Threat Intensity — The relative intensity based on the number and frequency of recently observed threat events related to this vulnerability: Very Low, Low, Medium, High, or Very High.
Plugin Details

Information about the plugin that detected the vulnerability, including:

  • Plugin Published — The date on which the plugin that identified the vulnerability was published.

  • Plugin Updated — The date on which the plugin was last modified.

  • Plugin Family — The family of the plugin that identified the vulnerability.

  • Plugin Type — The general type of plugin check (for example, local or remote).

  • Plugin Version — The version of the plugin that identified the vulnerability.

CVEs Links to the CVEs corresponding to the finding. Click a link to open the the Vulnerability Profile page in the Vulnerability Intelligence section.
Risk Information

Information about the vulnerability's risk profile, including:

  • Risk Factor — The CVSS-based risk factor associated with the plugin.

  • CVSSv3 Base Score — The CVSSv3 base score (intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments).

  • CVSSv3 Vector — A CVSSv3-based text string containing metric:value pairs to describe vulnerability characteristics, for example AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

  • CVSSv3 Temporal Score — A CVSSv3-based score from 0 to 10 indicating current severity. Higher scores are more severe.

  • CVSSv3 Temporal Vector — A CVSSv3-based text string containing metric:value pairs that indicate vulnerability maturity and remediation status, for example E:H/RL:O/RC:C.

  • CVSSv2 Base Score — The CVSSv2 base score (intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments).

  • CVSSv2 Vector — A CVSSv2-based text string containing metric:value pairs to describe vulnerability characteristics.

  • CVSSv2 Temporal Score — A CVSSv2-based score from 0 to 10 indicating current severity.

  • CVSSv3 Temporal Vector — A CVSSv2-based text string containing metric:value pairs that indicate vulnerability maturity and remediation status.

  • STIG Severity — A vulnerability's severity rating based on the Department of Defense's Security Technical Implementation Guide (STIG).

  • Risk Modified — The risk modification applied to the vulnerability's severity.
References Industry resources that provide additional information about the vulnerability.

Asset Summary

The Asset Summary tab contains details about the asset corresponding to the finding, along with when the asset was last seen by a scanner.

Section

Description
Asset Summary

Information about the affected asset, including:

  • Asset Name — The name of the asset where a scan detected the vulnerability. This value is unique to Tenable Vulnerability Management.
  • Asset ID — The UUID of the asset where a scan detected the vulnerability.
  • System Type — The type of operating system that the scan identified on the affected asset.
  • Operating System — The operating system that the scan identified on the affected asset.
  • Public — Indicates if the asset is available on a public network. A public asset is within the public IP space and identified by the is_public attribute in the Tenable Vulnerability Management query namespace.

  • IPV4 Address — The IPv4 address for the affected asset.

  • IPV6 Address — The IPv6 address for the affected asset.

  • Network — The name of the network object associated with scanners that identified the asset. The default name is Default. For more information, see Networks.

  • MAC Addresses — The MAC addresses for the affected asset.

  • Tenable ID — A UUID created for new assets during credentialed scans or agent scans. If an asset is found not to be unique, this UUID is not created and an existing one is reused.

  • DNS (FQDN) — The fully qualified domain name of the asset host.
Tags A panel containing tags assigned to the affected asset. Click to add a new tag or click on a single tag to remove it.
CPE

The Common Platform Enumeration (CPE) numbers for vulnerabilities that the plugin identifies, using a standardized naming convention. To learn more, see the National Vulnerability Database website.

Last Seen

Information about when the affected asset was last identified on a scan, including:

  • Last Seen — The date when a scan last found the vulnerability on an asset.

  • First Seen — The date when a scan first found the vulnerability on an asset.

  • Last Authenticated Scan — The date and time of the last authenticated scan run against the asset. An authenticated scan that only uses discovery plugins updates Last Authenticated Scan, but not Last Licensed Scan.

  • Last Licensed Scan — The date and time of the last scan in which the asset was considered "licensed" and counted towards Tenable's license limit. A licensed scan uses non-discovery plugins and can identify vulnerabilities. Unauthenticated scans that run non-discovery plugins update the Last Licensed Scan field, but not the Last Authenticated Scan field.

  • Source — The source of the scan that detected the vulnerability on the affected asset, for example Tenable Nessus.

  • Scan Origin — The scanner that detected the finding, for example Tenable Vulnerability Management or Tenable Security Center. You can use this attribute to identify if the scan is a work-load scan.

  • Last Authentication Status — The status of the last authentication attempt, for example, Success.

  • Last Successful Authentication — The date and time of the last successful authentication.

  • Last Authentication Attempt Time — The date and time of the last authentication attempt.

Affected Products

A table of information about the products on the affected assets. This section only appears for Vulnerabilities and has the following columns.

Column

Description
End of Life If applicable, the end of life date for the affected product.
Path The installation path of the product.

Product

The product name.
Product Type The type of product, for example Operating System.
Vendor The vendor who makes the product affected by the vulnerability, for example Microsoft.
Version If relevant, the version number of the product.