Risk information includes information from the risk table and the following fields:
Risk type is the code of the risk type.
Description is the description specified for the risk type or for the vulnerability.
Base score is the initial value for calculating the risk score.
For risks of the Vulnerability category, additional information is displayed in the following fields and field groups:
CVSS vector is a record of metrics for calculating the CVSS vulnerability score.
Attack conditions is a description of the conditions that must be satisfied for the vulnerability to be exploited.
Impact is a description of the possible consequences of exploiting the vulnerability.
Mitigations lists recommendations for the remediation of the vulnerability (for example, information about which software version is recommended to be installed on the device).
Links lists links to public resources that can provide additional information about the vulnerability.
CVE history lists dates when the vulnerability was identified, confirmed, and published in public sources.
To view risk information:
Select the Assets section in the application web interface window.
Go to the Devices tab.
Click the name of the vulnerability (as a CVE ID or other vulnerability ID) in the Risks column.
This opens a window containing information about the vulnerability.