CVEs
On the Vulnerability Intelligence Overview page, the CVEs tab shows vulnerabilities from Tenable's database. All vulnerabilities appear by default, but you can refine the results with vulnerability categories and the query builder.
Tip: Select the checkbox to only show CVEs affecting your assets.
The table in the CVEs tab has the following columns, which you can show or hide as described in Customize Tables.
|
Column |
Description |
|---|---|
|
CVE ID |
Indicates the Common Vulnerability and Exposure (CVE) identifier for the vulnerability, as assigned by the CISA-sponsored CVE Program. |
|
Common Name |
Indicates the informal name of the vulnerability (for example, Log4Shell). Not all vulnerabilities have a common name. |
|
VPR |
The Tenable-calculated Vulnerability Priority Rating (VPR) score from 0.1 to 10. |
|
CVSSv2 |
Indicates the CVSSv2 score for the vulnerability. When not available from NVD, Tenable determines this score. To learn more, see CVSS vs. VPR. |
|
CVSSv3 |
Indicates the CVSSv3 score for the vulnerability. When not available from NVD, Tenable determines this score. |
|
Exploit Maturity |
The highest level of exploit maturity for the vulnerability: Unproven, PoC, Functional, or High. Drawn from Tenable’s research, as well as key external sources. |
|
EPSS |
Indicates the likelihood that the vulnerability will be actively exploited, based on the third-party Exploit Prediction Scoring System (EPSS). |
|
First Discovered |
Indicates the date the vulnerability was first identified. |
|
First Exploited |
Indicates the date of the vulnerability’s first-known exploitation. |
|
First PoC |
Indicates the date the vulnerability’s first proof of concept was discovered. |
| Zero Day |
If a vulnerability is a zero-day vulnerability—that is, a vulnerability which has been publicly disclosed or is known to be exploited in the wild before a patch is available. Possible values are Yes or No. |
|
Plugins |
Lists the IDs for the Tenable plugins that detected the vulnerability. |
Affected Assets
In any row, click the drop-down > to reveal a table of assets on which that CVE appears, with the following columns.
|
Column |
Description |
|---|---|
|
Asset Name |
The asset identifier, assigned based on the availability of specific attributes in logical order. |
| Operating System | Indicates the operating system run on the asset, for example Linux Kernel 3.13. |
|
IPv4 Address |
Indicates the IPv4 address for the asset. |
|
IPv6 Address |
Indicates the IPv6 address for the asset. |
| Plugin Count | Indicates the number of plugins that identified the CVE on the asset. |
|
ACR |
(Requires Tenable One or Tenable Lumin license) The Tenable-defined Asset Criticality Rating (ACR) as an integer from 1 to 10. |
|
AES |
(Requires Tenable One or Tenable Lumin license) The Tenable-defined Asset Exposure Score as an integer from 0 to 1000. |
|
Last Seen |
Indicates the date when the asset last appeared on a scan. |
| Source | Indicates the scanner or sensor that identified the finding, for example Nessus network-based assessment. |
|
Tags |
Lists any asset tags you applied in Tenable Vulnerability Management. |