Here are some common terms that we use in vulnerability details.
Malware information correlated with the vulnerability, obtained from the Trend Micro Threat Encyclopedia.
The Bugtraq ID number assigned to the vulnerability by SecurityFocus.
Each vulnerability is assigned to a category. Some categories are platform-specific (for example Debian and SUSE) while others are more general (for example Database and Firewall).
The CVE name(s) associated with the vulnerability. CVE (Common Vulnerabilities and Exposures) is a list of common names for publicly known vulnerabilities and exposures.
CVSS Access Vector is part of the CVSS Base metric group, and reflects the level of access required to exploit a vulnerability. The more remote an attacker can be while exploiting a vulnerability, the higher the score and risk. CVSS Access Vector values are Local Access, Adjacent Network and Network. This value is used in reporting when CVSS Scoring is enabled for your subscription.
This score represents the fundamental, unchanging qualities of the vulnerability and is provided by NIST, unless the score is marked with the footnote [1] which indicates the score is provided by the service. This value is used in reporting when CVSS Scoring is enabled for your subscription.
The footnote [1] indicates that the CVSS Base score is not supplied by NIST. When we looked up the latest NIST score for the vulnerability, as published in the National Vulnerability Database (NVD), NIST either listed the CVSS Base score as 0 or did not provide a score in the NVD. In this case, we determined that the severity of the vulnerability warranted a higher CVSS Base score. The score provided by the service is displayed.
This score represents time-dependent qualities of the vulnerability and is provided by the service. This value is used in reporting when CVSS Scoring is enabled for your subscription.
Identifies the type of scan that will detect the vulnerability - authenticated, remote (unauthenticated), or both.
Exploitability information correlated with the vulnerability, including references to known exploits and related security resources. This field is auto-populated by scripts that search the Internet at known exploit sites. When an exploit is found, the QID is updated with a link to the exploit. Note - The QID modified date is not updated based on changes to exploitability information since these changes don't affect the signature code, scoring or the QID description.
Indicates whether the vulnerability must be fixed to pass a PCI compliance scan.
The unique Qualys ID number assigned to the vulnerability.
Each vulnerability is assigned a severity level (1-5) which is determined by the security risk associated with its exploitation.
You must assign a tracking method to each host in your subscription: IP address, DNS Hostname or NetBIOS hostname. The tracking method determines how the host will be reported in scan reports.
Do you have Cloud Agent? Hosts with cloud agents are identified with a tracking method of Cloud Agent (or AGENT). Tip - You can quickly find your agent hosts by clicking the Search option above the list and choosing the Network "Global Cloud Agent Network".
A reference number released by the vendor regarding the vulnerability, such as a Microsoft Security Bulletin like MS03-046.