
Dynamic Search List - Search Criteria

On this page, select vulnerability search criteria to be included in the search list.

Select the search criteria from the following categories:

Identification

Vulnerability Title

Search for a specific vulnerability by entering the title.

Category

Search for vulnerabilities by the category that the vulnerability is assigned to. Select the Web Application category from the Category menu. Only web application vulnerabilities can be included in a web application profile.

Vendor

Search for vulnerabilities for a particular vendor (for example HP, IBM, Apple, Adobe, Oracle, SUSE). Only QIDs with an associated vendor (as provided from NIST) are returned in the search results.

Vendor Reference

Search for a reference or ID number released by the vendor regarding the vulnerability, such as a Microsoft Security Bulletin reference like MS03-046.

Product

Search for vulnerabilities for a particular product (for example Sendmail, Tomcat, Firefox, the .net framework). Only QIDs with an associated product (as provided from NIST) are returned in the search results.

List Inclusion

Search for vulnerabilities in pre-defined vulnerability lists.

SANS Top 20. The SANS Institute publishes a list of the 20 most critical Internet security vulnerabilities, including top vulnerabilities in Windows systems, Unix systems, cross-platform applications and networking products. For each of the SANS top 20 vulnerabilities, our service scans for multiple QIDs. You can search for QIDs in the SANS top 20 list.

Qualys External / Internal Top 10. Qualys Top 10 lists include the highest-risk security vulnerabilities comprised of the 10 most prevalent internal vulnerabilities (detected on private IPs) and the 10 most prevalent external vulnerabilities (detected on public IPs). These lists are updated automatically and continuously from a statistically representative sample of thousands of networks. You can search for QIDs in the internal list, external list or both.

CVE ID

Search for a specific CVE ID.

BugTraq ID

Search for the Bugtraq ID number assigned to a vulnerability by SecurityFocus, a vendor-neutral web site that provides security information to members of the security community.

Severity

Search for vulnerabilities by the threat severity level assigned to the vulnerability. Select each severity level to include in the list. You may select any combination of Levels 1-5 for Confirmed, Potential and Information gathered vulnerability types.

Scan Information

Discovery Method

Remote Only. Search for vulnerabilities assigned the Remote Only discovery method. These vulnerabilities can be detected only using remote (unauthenticated) scanning.

Authenticated Only. Search for vulnerabilities assigned the Authenticated Only discovery method. These vulnerabilities can be detected only using authenticated scanning.

Remote and Authenticated. Search for vulnerabilities assigned the Remote and Authenticated discovery method. These vulnerabilities can be detected using remote scanning or authenticated scanning.

Authentication Type

Search for vulnerabilities that are detected by scans when a certain authentication method is enabled for the scan. Select from: Windows, Unix, Oracle, SNMP, VMware, DB2, HTTP, Form.

Note: If you select an authentication type and also select the remote only discovery method, the search will result in no matches.

Vulnerability Details

Search for specific vulnerability details by entering keywords in the vulnerability description.

Exploit Information

Patch Available

Search for vulnerabilities based on patch availability. Select Yes to list vulnerabilities for which a patch is currently available. Select No to list vulnerabilities for which a patch is not currently available.

Malware

Search for vulnerabilities for which malware information is available in the Trend Micro Threat Encyclopedia.

Exploitability

Search for vulnerabilities with exploitability information. Select one or more information sources from the list provided. Any vulnerability with exploitability information from at least one of the selected sources is returned in the search results.

CVSS Information

CVSS Values

Search for vulnerabilities by CVSS values. The following CVSS options are only available when CVSS Scoring is enabled for the subscription. Note that Information Gathered checks are not assigned CVSS values and will not be returned in the search results.

CVSS Base Score

List vulnerabilities with a CVSS Base score that is equal to or greater than your entry.

CVSS Temporal Score

List vulnerabilities with a CVSS Temporal score that is equal to or greater than your entry.

CVSS Attack Vector

List vulnerabilities based on the level of access required to exploit the vulnerability. CVSS Attack Vector values are Network, Adjacent Network, Local Access, and Physical Access. Select "Not Defined" to list vulnerabilities that have not been defined with an access vector by NIST or by our service.

Compliance Information

Compliance Details

Search for vulnerabilities by keywords in the compliance description or section number.

Compliance Type

Select from the following compliance types to list vulnerabilities associated with government and industry-specific regulations: CoBIT, HIPAA, GLBA, SOX and PCI. If you select more than one type, then the search results will list vulnerabilities associated with any of the selected types. For example, if you select HIPAA and SOX, then the search results will include vulnerabilities associated with HIPAA or SOX or both.

Dates

Service Modified

Search for vulnerabilities based on when our service last modified the vulnerability. Enter a range of dates in the fields provided.

The Service Modified date is updated when any of the following attributes have been changed: severity level, threat description, impact description, solution description, patch availability, CVSS base score, CVSS temporal score, authentication requirement, or PCI relevance.

The selected criteria are added to the list.

Click Test to view the list of QIDs included with the selected search criteria.
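How the Discovery Method / Authentication Type note, the CVSS Base Score threshold and the Compliance Type rule described above behave together, as an added example (not Qualys code) that models the matching locally over constructed QID records. The record fields, the `search` function and the assumption that criteria from different fields are ANDed are illustrative and not taken from the service.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Qid:
    qid: int
    vuln_type: str                       # Confirmed / Potential / Information Gathered
    discovery: str                       # Remote Only / Authenticated Only / Remote and Authenticated
    auth_types: frozenset = frozenset()  # auth methods under which the check is detected
    cvss_base: Optional[float] = None    # None: no CVSS value assigned
    compliance: frozenset = frozenset()  # associated compliance types

# Constructed sample records; QID numbers and attributes are made up.
KB = [
    Qid(900001, "Confirmed", "Remote Only", cvss_base=7.5,
        compliance=frozenset({"PCI"})),
    Qid(900002, "Confirmed", "Authenticated Only", frozenset({"Windows"}), 9.3,
        frozenset({"HIPAA", "SOX"})),
    Qid(900003, "Potential", "Remote and Authenticated", frozenset({"Unix"}), 5.0,
        frozenset({"SOX"})),
    Qid(900004, "Information Gathered", "Remote Only"),  # no CVSS value
    Qid(900005, "Confirmed", "Authenticated Only", frozenset({"Unix", "Oracle"}), 4.3,
        frozenset({"HIPAA"})),
]

def search(kb, discovery=None, auth_type=None, min_cvss_base=None, compliance_types=()):
    """Return QID numbers matching every supplied criterion (AND is assumed)."""
    hits = []
    for q in kb:
        if discovery is not None and q.discovery != discovery:
            continue
        # Remote Only checks carry no authentication type, so combining the
        # two criteria can never match.
        if auth_type is not None and auth_type not in q.auth_types:
            continue
        # "Equal to or greater than your entry"; checks without a CVSS value
        # (Information Gathered) are never returned by a CVSS search.
        if min_cvss_base is not None and (q.cvss_base is None or q.cvss_base < min_cvss_base):
            continue
        # Several compliance types: a QID associated with any one of them matches.
        if compliance_types and not (q.compliance & set(compliance_types)):
            continue
        hits.append(q.qid)
    return hits

if __name__ == "__main__":
    print(search(KB, discovery="Remote Only", auth_type="Windows"))
    print(search(KB, min_cvss_base=5.0))
    print(search(KB, compliance_types=("HIPAA", "SOX")))
```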


Next step: Dynamic Search List - Comments