Vulnerability Metrics
In the right-hand Vulnerability Metrics pane, review key details in the following sections.
General Information
In the General Information section, review when a vulnerability was first discovered, how exploitable it is, and other details.
Field |
Description |
---|---|
Tenable Discovery Date |
The date Tenable first discovered the vulnerability. |
NVD Published Date |
The date that the National Vulnerability Database (NVD) added the vulnerability. |
Exploitability |
How easy it is to exploit the vulnerability (for example, Low Complexity, Network Exploitability). |
Exploit Maturity |
The highest level of exploit maturity for the vulnerability: Unproven, PoC, Functional, or High. Drawn from Tenable’s research, as well as key external sources. |
First Proof of Concept |
The date the first proof of concept for the vulnerability was released. |
First Functional Exploit |
The date the first functional exploit for the vulnerability was released. |
Risk Profile
In the Risk Profile section, see if the Tenable Research Team is tracking a vulnerability, learn which categories it belongs to, and find out if it can be exploited from a remote network.
Field |
Description |
---|---|
Categories |
The categories a vulnerability belongs to, as described in Vulnerability Categories. Most vulnerabilities do not have a category. |
Tenable Research Watchlist |
Indicates that Tenable is actively monitoring the vulnerability since it is being publicly discussed, has a viable proof of concept, and/or is widely used. |
Remotely Exploitable |
If the vulnerability can be exploited from a remote network. |
Proof of Concept Available |
If Tenable has identified a proof of concept for this vulnerability. |
Zero Day |
If a vulnerability is a zero-day vulnerability—that is, a vulnerability which has been publicly disclosed or is known to be exploited in the wild before a patch is available. Possible values are Yes or No. |
Severity Metrics
In the Severity Metrics section, view Common Vulnerability Scoring System (CVSS) v3 or CVSSv2 scores, depending on which are available, along with their vector strings.
Field |
Description |
---|---|
CVSSv3 Base Score |
The CVSSv3 score. When not available from NVD, Tenable determines this score. To learn more, see CVSS vs. VPR. |
CVSSv3 Vector |
A vector string with the values used to calculate the CVSSv3 score, for example: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. To learn more, see this CVSSv3 calculator on the FIRST website. |
CVSSv2 Base Score |
The CVSSv2 score. When not available from NVD, Tenable determines this score. |
CVSSv2 Vector |
A vector string with the values used to calculate the CVSSv2 score. |
Latest Plugin Coverage
In the Latest Plugin Coverage section, view the most recent Tenable Nessus and Tenable Web App Scanning plugins to detect the vulnerability. Click the links to view plugin details on Tenable’s website.
Field |
Description |
---|---|
Nessus |
The release date of the newest Tenable Nessus plugin to identify the vulnerability. |
Web App Scanning |
The release date of the newest Tenable Web App Scanning plugin to identify the vulnerability. |