Scan Details Filters
On the Scan Details page, while having the Findings tab selected, you can filter Tenable Web App Scanning scans using Tenable-provided filters.
| Column | Description |
|---|---|
| Bugtraq ID | The Bugtraq ID for the plugin that identified the vulnerability. |
| CPE |
CPE (Common Platform Enumeration) is a standardized identifier used to search for vulnerabilities or assets by their software, hardware, or operating system name. It often uses CPE 2.2. Use this filter to locate findings associated with a specific vendor and product, for example, cpe:/a:apache:http_server. There is a limit of 200 CPE values permitted for this filter. Important: This filter queries CPEs assigned to the Nessus Plugin itself, which reflects the base product rather than a specific version of the product. To query for assets running a specific version of a CPE, for example, apache:http_server:2.4.63, navigate to Explore > Assets and use the Installed Software filter in Asset Filters. (200 value limit) |
| CVE |
The Common Vulnerability and Exposure (CVE) IDs for the vulnerabilities that the plugin identifies. (200 value limit) |
| CVSSv2 Base Score |
A numeric value between 0.0 and 10.0 that represents the intrinsic characteristics of a vulnerability independent of any specific environment. |
| CVSSv2 Vector |
The raw CVSSv2 metrics for the vulnerability. For more information, see the CVSSv2 documentation on the FIRST website. |
| CVSSv3 Base Score | The CVSSv3 base score (intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments). |
| CVSSv3 Vector | More CVSSv3 metrics for the vulnerability. |
| CVSSv4 Base Score |
The CVSSv4 base score (intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments). |
| CVSSv4 Vector |
More CVSSv4 metrics for the vulnerability. |
| CWE | The Common Weakness Enumeration (CWE) for the vulnerability. |
| Instances Count |
The number of instances of the vulnerability found in the scan. |
| OWASP 2010 | The Open Web Application Security Project (OWASP) 2010 category for the vulnerability targeted by the plugin. |
| OWASP 2013 |
The Open Web Application Security Project (OWASP) 2013 category for the vulnerability targeted by the plugin. |
| OWASP 2017 | The Open Web Application Security Project (OWASP) 2017 category for the vulnerability targeted by the plugin. |
| OWASP 2021 | The Open Web Application Security Project (OWASP) 2021 category for the vulnerability targeted by the plugin. |
| Plugin Description |
The description of the Tenable plugin that identified the vulnerability. |
| Plugin Family |
The family of the plugin that identified the vulnerability. (200 value limit) |
| Plugin ID |
Filter on the ID of the plugin that identified the vulnerability. (200 value limit) |
| Plugin Modification Date |
The date on which the plugin was last modified. |
| Plugin Name |
The name of the plugin that identified the audit finding. |
| Plugin Publication Date |
The date on which the plugin that identified the vulnerability was published. |
| See Also | Links to external websites that contain helpful information about the vulnerability. |
| Severity |
The CVSS score-based severity. For more information, see CVSS Scores vs. VPR in the Tenable Vulnerability Management User Guide. This filter appears in the filters plane by default, with Critical, High, Medium, and Low selected. |
| Solution |
A brief summary of how you can remediate the vulnerability. |
| WASC |
The Web Application Security Consortium (WASC) category associated with the vulnerability targeted by the plugin. |