CVEs
On the Vulnerability Intelligence page, the CVEs tab shows vulnerabilities from Tenable's database. All vulnerabilities appear by default, but you can refine the results with vulnerability categories and the query builder.
The table in the CVEs tab has the following columns, which you can show or hide as described in Customize Tables.
Column |
Description |
---|---|
CVE ID |
Indicates the Common Vulnerability and Exposure (CVE) identifier for the vulnerability, as assigned by the CISA-sponsored CVE Program. |
Common Name |
Indicates the informal name of the vulnerability (for example, Log4Shell). Not all vulnerabilities have a common name. |
VPR |
Indicates the Tenable-calculated Vulnerability Priority Rating (VPR) score from 0.1 to 10. |
CVSSv2 |
Indicates the CVSSv2 score for the vulnerability. When not available from NVD, Tenable determines this score. To learn more, see CVSS vs. VPR. |
CVSSv3 |
Indicates the CVSSv3 score for the vulnerability. When not available from NVD, Tenable determines this score. |
Exploit Maturity |
Indicates the highest level of exploit maturity for the vulnerability: Unproven, PoC, Functional, or High. Drawn from Tenable’s research, as well as key external sources. |
EPSS |
Indicates the likelihood that the vulnerability will be actively exploited, based on the third-party Exploit Prediction Scoring System (EPSS). |
First Discovered |
Indicates the date the vulnerability was first identified. |
First Exploited |
Indicates the date of the vulnerability’s first-known exploitation. |
First PoC |
Indicates the date the vulnerability’s first proof of concept was discovered. |
Plugins |
Lists the IDs for the Tenable plugins that detected the vulnerability. |