Vulnerability Details

Required Tenable Web App Scanning User Role: Basic, Scan Operator, Standard, Scan Manager, or Administrator

To view Vulnerability Details:

  1. In the upper-left corner, click the Menu button.

    The left navigation plane appears.

  2. In the left navigation plane, click Scans

    The Scans page appears, showing a table that lists your scans.

  3. In the scans table, click the row for the scan for which you want to see details.

    The Scans Details page appears.

  4. In the vulnerabilities table, click the row for the vulnerability for which you want to see details.

    The Vulnerability Details page appears.

The Vulnerability Details page for vulnerabilities contains the following sections.

Section Description
Description

A description of the Tenable plugin that identified the vulnerability detected in the finding.
Solution

A brief summary of how you can remediate the vulnerability detected in the finding. Only appears if an official solution is available.

See Also Links to websites that contain helpful information about the vulnerability detected in the finding.
Plugin Details

Information about the plugin that detected the vulnerability, including:

  • Publication Date — The date on which the plugin that identified the vulnerability was published.

  • Modification Date — The date on which the plugin was last modified.

  • Family — The family of the plugin that identified the vulnerability.

  • Type — The general type of plugin check (for example, local or remote).

  • Version — The version of the plugin that identified the vulnerability.

  • Plugin ID — The ID of the plugin that identified the vulnerability.
Risk Information

Information about the relative risk that the vulnerability presents to the affected asset, including:

Note: Some CVSS score types may not be available for a particular plugin ID.

  • Risk Factor — The CVSS-based risk factor associated with the plugin.

  • CVSSV4 Base Score — Intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments.

  • CVSSV4 Vector — More CVSSv4 metrics for the vulnerability.

  • CVSSV3 Base Score — Intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments.

  • CVSSV3 Temporal Score — Characteristics of a vulnerability that change over time.

  • CVSSV3 Vector — More CVSSv3 metrics for the vulnerability.

  • CVSSV2 Base Score — Intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments.

  • CVSSV2 Temporal Score — A score that denotes characteristics of a vulnerability that change over time, but not among user environments.

  • CVSSV2 Vector — More CVSSv2 metrics for the vulnerability.

  • STIG Severity — A vulnerability's severity rating based on the Department of Defense's Security Technical Implementation Guide (STIG).

Reference Information

Industry resources that provide additional information about the vulnerability.