View vulnerability details

You can view further details of a specific vulnerability from the By Vulnerability tab.

View the vulnerability details via the Actions menu

  1. Locate the vulnerability in the Vulnerability Management's By Vulnerability view.
  2. From the vulnerability's Actions menu, select Vulnerability details. The Vulnerability details panel will open on the right.

Vulnerability details panel overview

The vulnerability details panel contains 2 tabs, detailing various pieces of information.

Info tab

The Info tab is split into 2 collapsible sections:

Details section

  • Description - A summary of the vulnerability.
  • Source - origin URL of the vulnerability information .
  • Published on - The date the information was first published.
  • Last updated - The date the information was last updated.

Threat insights

The insights delivered here can be of critical importance. For a fuller understanding of what is being presented through these metrics, please read the Vulnerability Management Threat insights explanation article.

  • CVSS score - Numerical score as per CVSS for the vulnerability.
  • Update available -Indicates whether a fix is available (Yes or No).
  • Attack Vector

    • Describes how easily the vulnerability can be exploited. The more remote the access, the more severe the risk.

    • Network: Exploitable over the Internet. These are known as "remotely exploitable" vulnerabilities.
    • Adjacent: Exploitable only within a shared network or proximity (e.g., Bluetooth, local subnet).
    • Local: Requires local access or user interaction (e.g., opening a malicious file).
    • Physical: Requires physical access to the device (e.g., plugging in a USB).

  • Attack Complexity

    • Measures the effort needed to bypass security features.

    • Low: No special conditions or configurations are required. The attack is straightforward and repeatable.
    • High:Requires bypassing security mechanisms (e.g., ASLR, DEP) or obtaining sensitive information specific to the target.

  • Privileges Required

    • Indicates the level of access needed before the vulnerability can be exploited.

    • None: No prior access is required.
    • Low: Basic user-level access is needed.
    • High: Administrative or elevated privileges are required.

    Self-service accounts that allow privilege escalation during the attack are not considered a privilege requirement.

  • User Interaction

    • Assesses whether another user must be involved for the vulnerability to be exploited.

    • None: No user interaction is needed.
    • Passive: Minimal, unintentional user interaction is required.
    • Active: The user must perform specific actions (e.g., clicking a link or opening a file).

Software tab

The Software tab shows a list of software affected by the selected vulnerability. This list is both expandable and collapsible for easier navigation.

Software is grouped by operating system. Under each operating system, you’ll find the relevant applications listed. Each entry includes a number that indicates how many items are affected.