Detail
Description
QID
The vulnerability ID (QID) assigned by the
PCI compliance service. 
appears
next to each vulnerability that fails PCI compliance. The vulnerability
must be fixed in order to pass PCI compliance. Note that
the PCI compliance service uses CVSS version 3.1 to calculate
PCI pass/fail criteria. See PCI
Pass/Fail Criteria.
Severity
The vulnerability severity level as defined by the service. The service has severity levels 1 through 5 for confirmed vulnerabilities and potential vulnerabilities (these are vulnerabilities that could not be fully verified by the service).
CVSS Base
CVSS stands for The Common Vulnerability Scoring System. The CVSS base score represents the fundamental, unchanging qualities of the vulnerability. The PCI compliance service uses the CVSS base score from NIST when possible to determine whether a vulnerability severity requires remediation to achieve compliance with the PCI scanning standard. See PCI Pass/Fail Criteria.
CVSS Temporal
The CVSS temporal score represents time dependent qualities of the vulnerability.
PCI Compliance Status
appears for each vulnerability and potential vulnerability that
fails PCI compliance. These vulnerabilities must be remediated
to pass the PCI compliance requirements. The vulnerabilities that
do not show a PCI status are vulnerabilities that the PCI compliance
service found on the hosts. Although these vulnerabilities are
not in scope for PCI, we do recommend that you remediate the vulnerabilities
in severity order. The service lists reasons
for passing or failing PCI compliance to help you understand
the PCI compliance status. Note the service is compliant with
the requirements in the PCI ASV Program Guide.
Category
The category the vulnerability is assigned to.
Port/Service
The port and service that the vulnerability was detected on.
False Positive
Indicates whether a false positive request has been submitted for the vulnerability. N/A (No request submitted), Requested, Rejected or Expired (Approved request has expired. You must submit a new request.)
Bugtraq ID
The Bugtraq ID number assigned to the vulnerability by SecurityFocus, a vendor-neutral web site that provides security information to members of the security community. Select the Bugtraq ID to link directly to the SecurityFocus web site.
CVE ID
If available, this is a link to the CVE name(s) associated with this vulnerability check. CVE (Common Vulnerabilities and Exposures) is a list of common names for publicly known vulnerabilities and exposures. Through open and collaborative discussions, the CVE Editorial board determines which vulnerabilities or exposures are included in CVE. If the CVE name starts with CAN (candidate), then it is under consideration for entry into CVE.
Vendor Reference
A reference number released by the vendor in regards to the vulnerability, such as a Microsoft Security Bulletin like MS03-046. This may be a link directly to the vendor's web site.
Last Update
The date this vulnerability check was last updated in the KnowledgeBase.
Threat
A description of the vulnerability threat.
Description
A description of the possible consequences that may occur if the vulnerability is successfully exploited.
Solution
A suggested solution to fix the problem. This may include a link to a patch, update, the vendor's Web site, or a workaround.
Result
Specific scan test results for the vulnerability on the host when available.