Go to Network > Vulnerabilities to see the current vulnerabilities list. Click on any row to see vulnerability details.
Detail |
Description |
QID |
The vulnerability ID (QID) assigned by the
PCI compliance service. |
Severity |
The vulnerability severity level as defined by the service. The service has severity levels 1 through 5 for confirmed vulnerabilities and potential vulnerabilities (these are vulnerabilities that could not be fully verified by the service). |
CVSS Base |
CVSS stands for The Common Vulnerability Scoring System. The CVSS base score represents the fundamental, unchanging qualities of the vulnerability. The PCI compliance service uses the CVSS base score from NIST when possible to determine whether a vulnerability severity requires remediation to achieve compliance with the PCI scanning standard. See PCI Pass/Fail Criteria. |
CVSS Temporal |
The CVSS temporal score represents time dependent qualities of the vulnerability. |
PCI Compliance Status |
|
Category |
The category the vulnerability is assigned to. |
Port/Service |
The port and service that the vulnerability was detected on. |
False Positive |
Indicates whether a false positive request has been submitted for the vulnerability. N/A (No request submitted), Requested, Rejected or Expired (Approved request has expired. You must submit a new request.) |
Bugtraq ID |
The Bugtraq ID number assigned to the vulnerability by SecurityFocus, a vendor-neutral web site that provides security information to members of the security community. Select the Bugtraq ID to link directly to the SecurityFocus web site. |
CVE ID |
If available, this is a link to the CVE name(s) associated with this vulnerability check. CVE (Common Vulnerabilities and Exposures) is a list of common names for publicly known vulnerabilities and exposures. Through open and collaborative discussions, the CVE Editorial board determines which vulnerabilities or exposures are included in CVE. If the CVE name starts with CAN (candidate), then it is under consideration for entry into CVE. |
Vendor Reference |
A reference number released by the vendor in regards to the vulnerability, such as a Microsoft Security Bulletin like MS03-046. This may be a link directly to the vendor's web site. |
Last Update |
The date this vulnerability check was last updated in the KnowledgeBase. |
Threat |
A description of the vulnerability threat. |
Description |
A description of the possible consequences that may occur if the vulnerability is successfully exploited. |
Solution |
A suggested solution to fix the problem. This may include a link to a patch, update, the vendor's Web site, or a workaround. |
Result |
Specific scan test results for the vulnerability on the host when available. |