CVEs
On the Vulnerability Intelligence Overview page, the CVEs tab shows vulnerabilities from Tenable's database. All vulnerabilities appear by default, but you can refine the results with vulnerability categories and the query builder.
Tip: Select the checkbox to only show CVEs affecting your assets.
The table in the CVEs tab has the following columns, which you can show or hide as described in Customize Tables.
|
Column |
Description |
|---|---|
|
CVE ID |
The Common Vulnerability and Exposure (CVE) identifier for the vulnerability, as assigned by the CISA-sponsored CVE Program. |
|
Common Name |
The informal name of the vulnerability (for example, Log4Shell). Not all vulnerabilities have a common name. |
|
VPR |
The Tenable-calculated Vulnerability Priority Rating (VPR) score from 0.1 to 10. |
|
CVSSv2 |
The CVSSv2 score for the vulnerability. When not available from NVD, Tenable determines this score. To learn more, see CVSS vs. VPR. |
|
CVSSv3 |
The CVSSv3 score for the vulnerability. When not available from NVD, Tenable determines this score. |
|
Exploit Maturity |
The highest level of exploit maturity for the vulnerability: Unproven, PoC, Functional, or High. Drawn from Tenable’s research, as well as key external sources. |
|
EPSS |
The likelihood that the vulnerability will be actively exploited, based on the third-party Exploit Prediction Scoring System (EPSS). |
|
First Discovered |
When the vulnerability was first identified. |
|
First Exploited |
The date of the vulnerability’s first-known exploitation. |
|
First PoC |
When the vulnerability’s first proof of concept was discovered. |
| Zero Day |
If a vulnerability is a zero-day vulnerability—that is, a vulnerability which has been publicly disclosed or is known to be exploited in the wild before a patch is available. Possible values are Yes or No. |
|
Plugins |
The IDs for the Tenable plugins that detected the vulnerability. |
Affected Assets
In any row, click the drop-down > to reveal a table of assets on which that CVE appears, with the following columns.
|
Column |
Description |
|---|---|
|
Asset Name |
The asset identifier, assigned based on the availability of specific attributes in logical order. |
| Operating System | The operating system running on the asset, for example Linux Kernel 3.13. |
|
IPv4 Address |
The IPv4 address for the asset. |
|
IPv6 Address |
The IPv6 address for the asset. |
| Plugin Count | The number of plugins that identified the CVE on the asset. |
|
ACR |
(Requires Tenable One or Tenable Lumin license) The Tenable-defined Asset Criticality Rating (ACR) as an integer from 1 to 10. |
|
AES |
(Requires Tenable One or Tenable Lumin license) The Tenable-defined Asset Exposure Score as an integer from 0 to 1000. |
|
Last Seen |
The date when the asset last appeared on a scan. |
| Source | The scanner or sensor that identified the finding, for example Nessus network-based assessment. |
|
Tags |
Any asset tags you applied in Tenable Vulnerability Management. |