TABLE OF CONTENTS
Overview
This topic explains the information that you find in the vulnerability list view and detail view and actions that you can take from the vulnerability detail view. You should navigate to the Security Reports > Vulnerabilities page to see the information on vulnerabilities found in the images, while scanning them.
Each entry (row) of the Vulnerabilities page is an instance of a vulnerability found in one image during scanning of the image. Therefore, if a given vulnerability was found in N images, it will appear N times in the list. In the documentation, Aqua refers the term vulnerability to mean an instance of a vulnerability.
Vulnerability instances
The following screenshot shows the Vulnerabilities page filtered with the name contains the text string CVE-2020-1971. There are 5 instances of this same vulnerability found during scanning.
The row corresponding to each vulnerability contains the following information:
| Header | Meaning |
|---|---|
| Vulnerability | ID of the vulnerability found (Example: CVE-2005-2541) |
| Image | The image in which the vulnerability was found. The vulnerability and the image values comprise a unique identifier of the vulnerability instance. |
| Custom Severity | Severity defined and loaded by your organization in Aqua for each vulnerability. This severity may or may not be the same as Severity by Aqua, mentioned in the next row. |
| Severity | Severity of the vulnerability: Negligible, Low, Medium, High, or Critical |
| Resource | The image resource in which the vulnerability was found |
| Exploit Availability | A check-mark which indicates the availability of an exploit in the wild |
| Vendor Fix | A check-mark which indicates the availability of a software vendor fix for the vulnerability |
| Acknowledgment | Acknowledge action required or shows information when was the acknowledgement done for the vulnerability. For more information, refer to the Acknowledgement Status section. |
Filter list
You can filter the list of vulnerabilities by any or all of the following criteria:
Note: If you are in Aqua Advanced or Enterprise plan, you can filter vulnerabilities in the All Vulnerabilities display mode only.
| Criteria set | Label | Filters on |
|---|---|---|
| Vulnerability Details | ID or Resource | A substring of either a vulnerability ID or a resource name |
| Severity (dropdown) | Vulnerability severity | |
| Exploit Availability (dropdown) | Available/Not Available. To filter whether there is an exploit in the wild for the vulnerability | |
| Exploit Type (dropdown) | Remote, DoS (denial-of-service), Local, Web Apps Note: This information is not displayed in the list of vulnerabilities. | |
| Environment Details | Registry (dropdown) | The registry of the image containing the vulnerability |
| Image Name | All or part of the name of the image (including tag) in which the vulnerability was found during scanning | |
| Solution Details | Vendor Fix (dropdown) | Yes/No. To filter whether a fix for the vulnerability is available from the software vendor |
| Acknowledgement Status (dropdown) | Yes/No. To filter whether a vulnerability is acknowledged. | |
| More Filters | Score | Filters vulnerabilities which exceeded or matches the selected vulnerability score |
You can clear any or all of the active filters by clicking the X button on the active filters as shown below.
Acknowledgement status
you can apply the acknowledgment to a single instance or multiple images. In other words, the acknowledgment can apply to multiple vulnerability instances. The Acknowledgment column of the Vulnerabilities page can contain any one of the values listed in the following table. The following table shows the values that are displayed in the Acknowledgement column.
For more information on how to acknowledge or unacknowledge a vulnerability or the associated information, refer to Apply and Manage Security Issue Acknowledgments.
For more information on the explanation of the effects of acknowledging a vulnerability, refer to Reactive Risk Management.
| Value | Explanation |
|---|---|
| Acknowledge | This is a button displayed in the column to show that vulnerability instance is not acknowledged. You can click the button to acknowledge the vulnerability. |
| N days ago | This is a button displayed in the column to show when the vulnerability instance was acknowledged. It shows the numbers days from today, the vulnerability is acknowledged. You can click the button to unacknowledge the vulnerability. |
Vulnerability detail view
You can click any row in the Vulnerabilities list to see a window that provides full details about the vulnerability as shown below:
You can acknowledge the specific vulnerability from the detail view, by clicking the Acknowledge button.