Vulnerability explorer

Use the Vulnerability explorer dashboard in Risk Monitor to explore and model the vulnerabilities in your applications, showing the CVSS exploitability and impact metrics associated with every vulnerability detected.

Description

The tables Vulnerability details and Vulnerable devices, applications and users contain all known vulnerabilities found in your IT estate.

The Exploitability Metrics and Impact Metrics in the middle section of the dashboard are the CVSS base metrics that go into the CVSS base score of a vulnerability. See the CVSS specification at www.first.org and the National Vulnerability Database at https://nvd.nist.gov for a full description of the base metrics, their possible values, and how the base score is calculated.

The exploitability metrics describe the conditions under which a vulnerability could be exploited, and the impact metrics describe the potential outcome of such an exploit. If some metrics are of special interest to you and your organization, you can select parameters for those metrics, and the tables will filter to show details of all vulnerabilities in your organization that have been assigned the selected parameters.

For example, to find vulnerabilities that an attacker could exploit without holding any privileges on the vulnerable system (that is, without prior authentication), select the parameter NONE for the metric Privileges needed. The table Vulnerability details then lists all such vulnerabilities in the organization, and the table Vulnerable devices, applications and users lists all applications containing them.

If you want to see what metric parameters the base score for a specific vulnerability is based on, you can select the CVE id for the vulnerability from the CVE ID list in the filters section on the dashboard. The metrics section will filter to show the parameters assigned to the vulnerability.

Characteristics

You can refer to the tables below for descriptions of the key figures, filters, metrics, and tables on the dashboard.

Key figures

The key figures give a quick overview of your IT estate's exposure to software vulnerabilities.

Key figure

Description

Vulnerable devices

The number of devices with at least one vulnerable application installed.

Vulnerable applications

The number of installed applications containing at least one vulnerability.

Vulnerable users

The number of users with access to at least one vulnerable device.

Filters

Use one or more filters to focus on specific aspects of your IT estate's exposure to software vulnerabilities. The key figures, metrics, and tables on the page will adjust to show the results filtered by the selected parameter or parameters.

Filter

Description

Application name

Select an application name from the list to see details of the vulnerabilities in the application.

Organization

Select an organizational unit from the list to see details of vulnerabilities in applications used by that organizational unit.

CVE ID

Select a CVE id from the list to see details of the vulnerability connected to the CVE id.

PII risk

Select True to see details of all vulnerabilities in PII risk applications in your organization.

Select False to see details of all vulnerabilities that are not connected to PII risk applications in your organization.

BaseScore

Select a range to see details of vulnerabilities in your organization with base scores within that range.

Metrics

Select one or more metric parameters of special interest to your organization to narrow the Vulnerability details and Vulnerable devices, applications and users tables to the vulnerabilities that match those parameters.

See www.first.org and https://nvd.nist.gov for a comprehensive description of all base metrics and parameters.

Metric

Description

Exploitability Metrics

Exploitability metrics describe the conditions that must be fulfilled for an attacker to be able to exploit the vulnerability.

You can select one or more parameters for one or more of the following exploitability metrics:

  • Privileges needed: The level of privileges an attacker must hold on the vulnerable system before the attack (the CVSS name for this metric is Privileges Required). NONE means that no prior access or authentication is needed.

  • Scope: Whether an exploited vulnerability can only affect resources governed by the same security authority as the vulnerable component (Unchanged), or can also affect resources beyond that authority, for example the host from inside a sandbox (Changed). In the CVSS specification Scope is a metric of its own rather than part of the exploitability group; the dashboard groups it with the exploitability metrics.

  • Attack vector: How remote, both logically and physically, an attacker can be from the vulnerable component and still exploit it (Network, Adjacent, Local or Physical).

  • User interaction: Whether a user other than the attacker must take some action for the exploit to succeed.

  • Attack complexity: The degree to which conditions beyond the attacker's control must hold for an attack to succeed.

Note: The parameter NOT SPECIFIED indicates that the vulnerability has not yet been assigned any of the other parameters for the metric, which is the case when the vulnerability has no CVSS base vector yet. Such vulnerabilities are not matched when you filter on any other parameter of that metric, so an empty result does not mean they are absent from your estate; select NOT SPECIFIED explicitly to review them.

Impact Metrics

Impact metrics describe the potential consequences of an exploited vulnerability.

You can select one or more parameters for one or more of the following impact metrics:

  • Confidentiality: Specifies the degree to which data confidentiality will be lost following the exploitation of the vulnerability.

  • Integrity: Specifies the degree to which data integrity will be lost following the exploitation of the vulnerability.

  • Availability: Specifies the degree to which the impacted component will be unavailable following the exploitation of the vulnerability.

Base Severity

You can select one or more base severity grades. The grade follows the CVSS qualitative rating scale derived from the base score: NONE (0.0), LOW (0.1 to 3.9), MEDIUM (4.0 to 6.9), HIGH (7.0 to 8.9) and CRITICAL (9.0 to 10.0).

Note: The parameter NOT SPECIFIED indicates that the vulnerability has not yet been assigned any of the other Base Severity parameters, that is, it has no base score yet.

Tables

Use the tables to see details about the vulnerabilities in your IT estate.

Select a column header to sort the table by that column.

Table

Description

Vulnerability details

Unfiltered, the table includes all vulnerabilities in your IT estate.

The following vulnerability details are shown in the table:

  • CVEID: The CVE identifier number for the vulnerability.

  • PublishedDate: The date the CVE record for the vulnerability was published.

  • BaseSeverity: The base severity grade for the vulnerability.

  • Sum of BaseScore: The CVSS base score for the vulnerability. Each row holds a single CVE, so the sum is simply that vulnerability's score.

  • Details: The brief description connected to the CVE ID for the vulnerability.

Tip: Right-click the description for a vulnerability in the Details column and select Drill through > Vulnerability reference to reach links to security updates and patches for the vulnerability.

Vulnerable devices, applications and users

Unfiltered, the table includes all vulnerable applications in your IT estate, grouped by application manufacturer. For each application, all vulnerable software versions present in the IT estate are listed.

The following details are shown in the table:

  • Application manufacturer: The name of the application manufacturer.

    Select the plus icon to the left of the manufacturer name to expand the table and see all installed vulnerable applications from the manufacturer.

  • Application name: The name of the application.

    Select the plus icon to the left of the application name to expand the table and see all installed vulnerable software versions of the application.

  • Software version: The version of the application in the Application name column.

  • Vulnerable devices: The number of devices affected at that level of the table: devices with any vulnerable application from the manufacturer (manufacturer row), devices with the vulnerable application (expanded application row), or devices with the vulnerable software version (expanded version row).

  • Vulnerable applications: The number of vulnerable applications from the manufacturer (manufacturer row). In the expanded application and version rows this is always 1, since the row itself is a single application or a single software version.

  • Vulnerable users: The number of users with access to a vulnerable application at that level of the table: any vulnerable application from the manufacturer (manufacturer row), the vulnerable application (expanded application row), or the vulnerable software version (expanded version row).