The appendix "Approved False Positive Details" appears in the PCI Technical Report to assist users with vulnerability management. This appendix provides a list of vulnerabilities that were approved as false positives on the hosts included in the report. This list includes approvals for current vulnerabilities on all hosts in the report. It does not include any approvals for vulnerabilities which were not detected by the latest scan of each host.
For each approved false positive in the list, the service identifies:
Vulnerability detected (severity level, title, QID and CVSS base score).
Host that the vulnerability was detected on (IP address).
Vulnerability detection details, including the transport protocol (TCP or UDP) and port number if applicable, and whether SSL was enabled.
Approved Date indicating when the false positive request was approved by Technical Support.