Viewing Details of a Vulnerability

Constraints

• Vulnerability-related operations are not supported if your servers are not protected by HSS.
• The server Agent Status is Online, Server Status is Running, and Action is Protected.

Linux vulnerabilities/Windows vulnerabilities/Web-CMS vulnerabilities/Application vulnerabilities

1. Log in to the management console.
2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Host Security Service.
   Figure 1 Accessing HSS
   

3. In the displayed dialog box, click Try the new edition to switch to the HSS (New) console.
   

   • Currently, HSS is available in the following regions: CN South-Guangzhou, CN-Hong Kong, AP-Bangkok, and AP-Singapore.
   • On the HSS (New) console, you can click Back to Old Console in the upper left corner to switch to the HSS (Old) console.
   • If cloud scan is not enabled or you access the HSS (New) console for the first time, the Enable Cloud Scan? dialog box is displayed. You are advised to select Enable cloud scan.
     

     • The cloud scan function is free of charge.
     • After the cloud scan function is enabled, all HSS servers will be scanned. Some HSS quota editions can support only limited scanning capabilities. Therefore, you are advised to purchase the enterprise edition or higher to enjoy all capabilities of the cloud scan function.
     Figure 2 Enabling cloud scan
     

4. In the navigation pane, Choose Prediction > Vulnerabilities.
   

   If your servers are managed by enterprise projects, you can select an enterprise project to view or operate the asset and scan information.

5. On the displayed page, click Linux Vulnerabilities, Windows Vulnerabilities, Application Vulnerabilities, or Web-CMS Vulnerabilities.
   Figure 3 Viewing the vulnerability scan results
   

6. Click a vulnerability name to view its basic information, solution, and CVE description.
   Figure 4 Checking vulnerability details
   

7. Click the Affected tab to view the servers affected by the vulnerability and handle the vulnerability.
   Figure 5 Checking affected servers
   
   • Click Fix in the Operation column of a vulnerability.
   • To ignore the vulnerability, click Ignore. HSS will no longer generate alarms for this vulnerability.
   • After the vulnerability is fixed, you can click Verify to verify the fix.

     HSS performs a full check every early morning. If you do not perform a manual verification, you can view the system check result on the next day after you fix the vulnerability.

     If a vulnerability is still detected after you fix it, rectify the fault by referring to Why the Alarms of Fixed Vulnerabilities Are Still Displayed?

     If a vulnerability fails to be rectified, click View Cause to check the details.

   • You can select multiple vulnerabilities and perform the following operations:

     Click Ignore above the list to ignore the vulnerabilities in batches.

     Click Unignore above the list to unignore the vulnerabilities in batches.

     Click Fix above the list to fix the vulnerabilities in batches.

     Click Verify above the list to verify the vulnerabilities in batches.

Exporting a Vulnerability Report

Go to the tab page of the target vulnerability. In the upper right corner of the vulnerability list, click to export the vulnerability reports.

Figure 6 Exporting a vulnerability report

• A maximum of 5000 application vulnerabilities can be exported at a time.
• HSS automatically performs a comprehensive scan in the early morning every day. After the scan is complete, you can download the vulnerability report. You can also manually start a scan and export the report in real time. For details, see Vulnerability Scan (Manual).