Viewing risk information

Risk information includes information from the risk table and the following fields:

• Risk type is the code of the risk type.
• Description is the description specified for the risk type or for the vulnerability.
• Base score is the initial value for calculating the risk score.

For risks of the Vulnerability category, additional information is displayed in the following fields and field groups:

• CVSS vector is a record of metrics for calculating the CVSS vulnerability score.
• Attack conditions is a description of the conditions that must be satisfied for the vulnerability to be exploited.
• Impact is a description of the possible consequences of exploiting the vulnerability.
• Mitigations lists recommendations for the remediation of the vulnerability (for example, information about which software version is recommended to be installed on the device).
• Links lists links to public resources that can provide additional information about the vulnerability.
• CVE history lists dates when the vulnerability was identified, confirmed, and published in public sources.

To view risk information:

1. Select the Assets section in the application web interface window.
2. Go to the Devices tab.
3. Click the name of the vulnerability (as a CVE ID or other vulnerability ID) in the Risks column.

This opens a window containing information about the vulnerability.