Explore the KnowledgeBase

Our KnowledgeBase of vulnerabilities is the largest and most up to date in the security industry. Go to the KnowledgeBase to see a complete list of vulnerabilities that can be detected by our security service.

You'll see these vulnerability types:

- Cross-site Scripting Vulnerabilities: Persistent, Reflected, Header, Browser-specific

- SQL Injection Vulnerabilities: Regular and Blind

- Additional vulnerabilities report information gathered about each web application during the scan process, such as links crawled, external links discovered, external form actions discovered, host information, and scan diagnostics

How to search for vulnerabilities

Select KnowledgeBase and navigate to Search results. Enter the search criteria and then click the Search button. You can enter text strings (no wildcards or operators). For example, to search for SQL vulnerabilities, enter "sql" under Search results and then click the Search button.

Search option under the KnowledgeBase tab.

Use filters to find web application vulnerabilities

The KnowledgeBase contains all vulnerability checks provided by our service, including checks for VM scans as well as web application scans. Want to find web application vulnerabilities, the ones we can detect on your web apps? It's easy.

1) Go to the KnowledgeBase.

2) Under Filter Results in the left sidebar, expand Identification and choose Category > Web Application. The filter is applied right away.

Tip - You'll notice "Web Application" in the Category column for all vulnerabilities in the list.

3) You can apply additional filters to refine the list further.

To filter the list of vulnerabilities by severity level, expand Severity Level under Filter Results and choose the severity levels you want. For example, to search for web application vulnerabilities with confirmed severity levels 4 and 5, under Confirmed Severity Level select the check boxes for levels 4 and 5.

How to view vulnerability details

Hover over a row and choose View from the Quick Actions menu.

What actions can I perform on vulnerabilities?

You can perform various actions on vulnerabilities in your KnowledgeBase, such as editing the severity, restoring the severity, ignoring a vulnerability, or activating an ignored vulnerability.

Note: If the actions described here are not available, it means the feature has not been enabled for your subscription. If you want to enable this feature for your subscription, please contact your Qualys Technical Account Manager or Qualys Support and request it.

Permissions Needed: You need to assign the permission named “Update Knowledgebase” in WAS Remediation Permissions for a user to be able to perform the new actions that are introduced for vulnerabilities.

By default, this permission is assigned only to the Manager user. If you want other users to be able to perform the actions, you need to explicitly assign the Update KnowledgeBase permission to each of those users.

If the required permissions are assigned, you can:

- Edit the severity

- Restore severity

- Ignore a vulnerability

- Activate a vulnerability

Want to learn more?

Check out: Discovery method | Exploitability | Malware | Configure search lists | Severity levels | Vulnerability categories