Updated on 2025-12-18 GMT+08:00

Viewing Vulnerability Details

Scenario

You can view vulnerabilities of your assets on the Vulnerabilities page. The Vulnerabilities page contains two tabs: Vulnerabilities view and Server view, helping you analyze vulnerabilities from the vulnerability and server perspectives.

Constraints

  • Servers that are not protected by HSS do not support this function.
  • The server must meet all of the following conditions: Server Status is Running, Agent Status is Online, and Protection Status is Protected. Otherwise, a vulnerability scan cannot be performed.

Viewing Vulnerability Details (Vulnerability View)

  1. Log in to the HSS console.
  2. Click in the upper left corner and select a region or project.
  3. In the navigation pane, choose Risk Management > Vulnerabilities.
  4. (Optional) If you have enabled the enterprise project function, select an enterprise project from the Enterprise Project drop-down list in the upper part of the page to view its data.
  5. View vulnerability information on the Vulnerabilities page.

    Figure 1 Viewing vulnerability details
    Table 1 Vulnerability information

    Item

    Description

    Vulnerability data overview

    The vulnerability statistics at the top of the Vulnerabilities page display a summary of vulnerability scan results.

    • Critical Vulnerabilities

      Click the number in Critical Vulnerabilities. On the slide-out panel displayed, you can view all types of vulnerabilities to be urgently fixed.

    • Unfixed Vulnerabilities

      Click the number in Unfixed Vulnerabilities. On the slide-out panel displayed, you can view all types of vulnerabilities that are not fixed.

    • Servers with Vulnerabilities

      Click the number in Servers with Vulnerabilities. You can view the servers with vulnerabilities in the lower part of the Vulnerabilities page.

    • Servers Fixed and Pending Restart

      After Linux kernel vulnerabilities and Windows vulnerabilities are fixed, you need to restart the fixed servers. Otherwise, HSS will probably continue to warn you of these vulnerabilities.

      Click the number in the Servers Fixed and Pending Restart area to view the servers to be restarted.

    • Vulnerabilities Handled Today/Total

      Number of vulnerabilities handled today and the total number of vulnerabilities handled. You can click the numbers to view details. The total counts only vulnerabilities handled within one year.

    • Detectable Vulnerabilities

      The number of vulnerabilities that can be detected by HSS.

    • Total Scans

      Total number of vulnerability scans. Click Scan to manually scan for vulnerabilities on servers.

    Priority

    HSS rates the priority of a vulnerability based on its CVSS score, asset importance, and vulnerability exploitability. The priority can be critical, high, medium, or low. For details about its calculation and definition, see Vulnerability Fix Priority.

    CVE ID

    Common Vulnerabilities and Exposures (CVE) is a database of publicly disclosed IT security vulnerabilities and exposures. It provides a unique identifier (CVE ID) for each disclosed vulnerability, helping the public identify vulnerabilities using a unified standard.

    CVSS Score

    The Common Vulnerability Scoring System (CVSS) is a method used to supply a qualitative measure of severity.

    In the CVSS scoring system, score ranges and their severities are as follows:

    • 0.1 to 3.9: Low risk. The vulnerability poses a low risk and can be exploited only under specific conditions.
    • 4.0 to 6.9: Medium risk. The vulnerability poses some risk and may affect your system.
    • 7.0 to 8.9: High risk. The vulnerability poses a high risk and is likely to be exploited by attackers to cause serious damage to your system, including but not limited to sensitive information leakage and service interruption.
    • 9.0 to 10.0: Critical. The vulnerability poses a critical risk and may cause critical security incidents, such as system breakdown and large-scale sensitive information leakage.

    Vulnerability details

    Click the name of a vulnerability notice. On the vulnerability notice details slide-out panel, you can view the notice description, CVE details, affected servers, and historical handling records of the vulnerability.

    NOTE:

    The vulnerability list displays vulnerabilities detected in the last seven days. After a vulnerability is detected on a server, if you change the server name and do not perform a vulnerability scan again, the vulnerability list still displays the original server name.

    For affected servers, you can view the following information on the Affected tab:

    • Server details: Hover the cursor on the name of an affected server, and you can see the server status and OS version.
    • Vulnerability impact: Click the server name. On the server details page, you can view the software affected by the vulnerability, why the vulnerability hits detection rules, and the processes associated with the vulnerability.
      • Software: The name of the software where the vulnerability is found.
      • Hit: The reason why the vulnerability hits detection rules.
      • Associated Process: The process where the vulnerability is found.
      • Path: The path of the program where the vulnerability is found.

Viewing Vulnerability Details (Server View)

The basic edition does not provide the server view.

  1. Log in to the HSS console.
  2. Click in the upper left corner and select a region or project.
  3. In the navigation pane, choose Risk Management > Vulnerabilities.
  4. (Optional) If you have enabled the enterprise project function, select an enterprise project from the Enterprise Project drop-down list in the upper part of the page to view its data.
  5. In the upper left corner of the Vulnerabilities page, click Server view to view vulnerability information.

    Figure 2 Viewing vulnerability details
    Table 2 Vulnerability information

    Item

    Description

    Vulnerability data overview

    The vulnerability statistics at the top of the Vulnerabilities page display a summary of vulnerability scan results.

    • Critical Vulnerabilities

      Click the number in Critical Vulnerabilities. On the slide-out panel displayed, you can view all types of vulnerabilities to be urgently fixed.

    • Unfixed Vulnerabilities

      Click the number in Unfixed Vulnerabilities. On the slide-out panel displayed, you can view all types of vulnerabilities that are not fixed.

    • Servers with Vulnerabilities

      Click the number in Servers with Vulnerabilities. You can view the servers with vulnerabilities in the lower part of the Vulnerabilities page.

    • Servers Fixed and Pending Restart

      After Linux kernel vulnerabilities and Windows vulnerabilities are fixed, you need to restart the fixed servers. Otherwise, HSS will probably continue to warn you of these vulnerabilities.

      Click the number in the Servers Fixed and Pending Restart area to view the servers to be restarted.

    • Vulnerabilities Handled Today/Total

      Number of vulnerabilities handled today and the total number of vulnerabilities handled. You can click the numbers to view details. The total counts only vulnerabilities handled within one year.

    • Detectable Vulnerabilities

      The number of vulnerabilities that can be detected by HSS.

    • Total Scans

      Total number of vulnerability scans. Click Scan to manually scan for vulnerabilities on servers.

    Server Risk Level

    HSS classifies servers into four risk levels based on their asset importance, highest CVSS scores, number of unhandled vulnerabilities of each severity, and exploitability (whether EIPs or open ports are available). The four risk levels are high, medium, low, and secure. A higher risk level indicates a higher vulnerability risk on the server.

    Vulnerabilities

    Number of vulnerabilities of each risk level. You can click the number to check the vulnerabilities of the corresponding level.

    Server details

    Hover the cursor over a server name to view its OS version and server status.

    NOTE:

    The vulnerability list displays vulnerabilities detected in the last seven days. After a vulnerability is detected on a server, if you change the server name and do not perform a vulnerability scan again, the vulnerability list still displays the original server name.

    Click the server name. On the server details page, you can view the vulnerabilities found on the server.

    On the server details page, you can click a vulnerability notice name to view its CVE details, affected server details, and handling history. On the Affected Server Details tab page, you can check the software affected by the vulnerability, why the vulnerability hits detection rules, and the processes associated with the vulnerability.

    • Software: The name of the software where the vulnerability is found.
    • Hit: The reason why the vulnerability hits detection rules.
    • Associated Process: The process where the vulnerability is found.
    • Path: The path of the program where the vulnerability is found.