Vulnerability Metrics

In the right-hand Vulnerability Metrics pane, review key details in the following sections.

General Information

In the General Information section, review when a vulnerability was first discovered, how exploitable it is, and other details.

Field

Description

Tenable Discovery Date

The date Tenable first discovered the vulnerability.

NVD Published Date

The date that the National Vulnerability Database (NVD) added the vulnerability.

Exploitability

How easy it is to exploit the vulnerability (for example, Low Complexity, Network Exploitability).

Exploit Maturity

The highest level of exploit maturity for the vulnerability: Unproven, PoC, Functional, or High. Drawn from Tenable’s research, as well as key external sources.

First Proof of Concept

The date the first proof of concept for the vulnerability was released.

First Functional Exploit

The date the first functional exploit for the vulnerability was released.

Risk Profile

In the Risk Profile section, see if the Tenable Research Team is tracking a vulnerability, learn which categories it belongs to, and find out if it can be exploited from a remote network.

Field

Description

Categories

The categories a vulnerability belongs to, as described in Vulnerability Categories. Most vulnerabilities do not have a category.

Tenable Research Watchlist

Indicates that Tenable is actively monitoring the vulnerability since it is being publicly discussed, has a viable proof of concept, and/or is widely used.

Remotely Exploitable

If the vulnerability can be exploited from a remote network.

Proof of Concept Available

If Tenable has identified a proof of concept for this vulnerability.

Zero Day

If a vulnerability is a zero-day vulnerability—that is, a vulnerability which has been publicly disclosed or is known to be exploited in the wild before a patch is available. Possible values are Yes or No.

Severity Metrics

In the Severity Metrics section, view Common Vulnerability Scoring System (CVSS) v3 or CVSSv2 scores, depending on which are available, along with their vector strings.

Field

Description

CVSSv3 Base Score

The CVSSv3 score. When not available from NVD, Tenable determines this score. To learn more, see CVSS vs. VPR.

CVSSv3 Vector

A vector string with the values used to calculate the CVSSv3 score, for example: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. To learn more, see this CVSSv3 calculator on the FIRST website.

CVSSv2 Base Score

The CVSSv2 score. When not available from NVD, Tenable determines this score.

CVSSv2 Vector

A vector string with the values used to calculate the CVSSv2 score.

Latest Plugin Coverage

In the Latest Plugin Coverage section, view the most recent Tenable Nessus and Tenable Web App Scanning plugins to detect the vulnerability. Click the links to view plugin details on Tenable’s website.

Field

Description

Nessus

The release date of the newest Tenable Nessus plugin to identify the vulnerability.

Web App Scanning

The release date of the newest Tenable Web App Scanning plugin to identify the vulnerability.