Glossary
Here are some common terms that we use in vulnerability details.
Associated Malware
Malware information correlated with the vulnerability, obtained from the Trend Micro Threat Encyclopedia.
Bugtraq ID
The Bugtraq ID number assigned to the vulnerability by SecurityFocus.
Category
Each vulnerability is assigned to a category. Some categories are platform-specific (for example Debian and SUSE) while others are more general (for example Database and Firewall).
CVE ID
The CVE name(s) associated with the vulnerability. CVE (Common Vulnerabilities and Exposures) is a list of common names for publicly known vulnerabilities and exposures.
CVSS Access Vector
CVSS Access Vector is part of the CVSS Base metric group and reflects the level of access required to exploit a vulnerability. The more remote an attacker can be while exploiting a vulnerability, the higher the score and risk. CVSS Access Vector values are Local Access, Adjacent Network and Network. This value is used in reporting when CVSS Scoring is enabled for your subscription.
CVSS Base Score
This score represents the fundamental, unchanging qualities of the vulnerability and is provided by NIST, unless the score is marked with the footnote [1], which indicates the score is provided by the service. This value is used in reporting when CVSS Scoring is enabled for your subscription.
Tell me about the footnote
The footnote [1] indicates that the CVSS Base score is not supplied by NIST. When we looked up the latest NIST score for the vulnerability, as published in the National Vulnerability Database (NVD), NIST either listed the CVSS Base score as 0 or did not provide a score in the NVD. In this case, we determined that the severity of the vulnerability warranted a higher CVSS Base score. The score provided by the service is displayed.
CVSS Temporal Score
This score represents time-dependent qualities of the vulnerability and is provided by the service. This value is used in reporting when CVSS Scoring is enabled for your subscription.
Discovery Method
Identifies the type of scan that will detect the vulnerability - authenticated, remote (unauthenticated), or both.
Exploitability
Exploitability information correlated with the vulnerability, including references to known exploits and related security resources. This field is auto-populated by scripts that search the Internet at known exploit sites. When an exploit is found, the QID is updated with a link to the exploit. Note - The QID modified date is not updated based on changes to exploitability information, since these changes don't affect the signature code, scoring or the QID description.
PCI Vuln
Indicates whether the vulnerability must be fixed to pass a PCI compliance scan.
QID
The unique Qualys ID number assigned to the vulnerability.
Severity Level
Each vulnerability is assigned a severity level (1-5) which is determined by the security risk associated with its exploitation.
Tracking Method
You must assign a tracking method to each host in your subscription: IP address, DNS Hostname or NetBIOS hostname. The tracking method determines how the host will be reported in scan reports.
Do you have Cloud Agent? Hosts with cloud agents are identified with a tracking method of Cloud Agent (or AGENT). Tip - You can quickly find your agent hosts by clicking the Search option above the list and choosing the Network "Global Cloud Agent Network".
Vendor Reference
A reference number released by the vendor regarding the vulnerability, such as a Microsoft Security Bulletin like MS03-046.