Vulnerability Management Overview
Vulnerability management detects Linux, Windows, Web-CMS, application, and emergency vulnerabilities and provides fix suggestions, so you can keep track of server vulnerabilities in real time. Linux and Windows vulnerabilities can be fixed in one-click mode. This section describes how vulnerabilities are detected and which vulnerabilities can be scanned for and fixed in each HSS edition.
How Vulnerability Scan Works
Table 1 describes how different types of vulnerabilities are detected.
Types of Vulnerabilities That Can Be Scanned and Fixed by HSS
For details about the types of vulnerabilities that can be scanned and fixed by each HSS edition, see Table 2.
The meanings of the symbols in the table are as follows:
- √: supported
- ×: not supported
| Vulnerability Type | Function | Basic Edition | Professional Edition | Enterprise Edition | Premium Edition | Web Tamper Protection Edition | Container Edition |
|---|---|---|---|---|---|---|---|
| Linux vulnerability | Automatic vulnerability scan (daily by default) | √ | √ | √ | √ | √ | √ |
| Linux vulnerability | Scheduled vulnerability scan (once a week by default) | × | √ | √ | √ | √ | √ |
| Linux vulnerability | Vulnerability whitelist | × | √ | √ | √ | √ | √ |
| Linux vulnerability | Manual vulnerability scan | × | √ | √ | √ | √ | √ |
| Linux vulnerability | One-click vulnerability fix | × | √ | √ | √ | √ | √ |
| Linux vulnerability | Ignoring vulnerabilities | × | √ | √ | √ | √ | √ |
| Linux vulnerability | Verifying vulnerability fix | × | √ | √ | √ | √ | √ |
| Windows vulnerability | Automatic vulnerability scan (daily by default) | √ | √ | √ | √ | √ | × |
| Windows vulnerability | Scheduled vulnerability scan (once a week by default) | × | √ | √ | √ | √ | × |
| Windows vulnerability | Vulnerability whitelist | × | √ | √ | √ | √ | × |
| Windows vulnerability | Manual vulnerability scan | × | √ | √ | √ | √ | × |
| Windows vulnerability | One-click vulnerability fix | × | √ | √ | √ | √ | × |
| Windows vulnerability | Ignoring vulnerabilities | × | √ | √ | √ | √ | √ |
| Windows vulnerability | Verifying vulnerability fix | × | √ | √ | √ | √ | √ |
| Web-CMS vulnerability | Automatic vulnerability scan (daily by default) | × | √ | √ | √ | √ | √ |
| Web-CMS vulnerability | Scheduled vulnerability scan (once a week by default) | × | √ | √ | √ | √ | √ |
| Web-CMS vulnerability | Vulnerability whitelist | × | √ | √ | √ | √ | √ |
| Web-CMS vulnerability | Manual vulnerability scan | × | √ | √ | √ | √ | √ |
| Web-CMS vulnerability | One-click vulnerability fix | × | × | × | × | × | × |
| Web-CMS vulnerability | Ignoring vulnerabilities | × | √ | √ | √ | √ | √ |
| Web-CMS vulnerability | Verifying vulnerability fix | × | √ | √ | √ | √ | √ |
| Application vulnerability | Automatic vulnerability scan (every Monday by default) | × | × | √ | √ | √ | √ |
| Application vulnerability | Scheduled vulnerability scan (once a week by default) | × | × | √ | √ | √ | √ |
| Application vulnerability | Vulnerability whitelist | × | × | √ | √ | √ | √ |
| Application vulnerability | Manual vulnerability scan | × | × | √ | √ | √ | √ |
| Application vulnerability | One-click vulnerability fix | × | × | × | × | × | × |
| Application vulnerability | Ignoring vulnerabilities | × | √ | √ | √ | √ | √ |
| Application vulnerability | Verifying vulnerability fix (only applicable to applications packaged as JAR files) | × | √ | √ | √ | √ | √ |
| Emergency vulnerability | Automatic vulnerability scan | × | × | × | × | × | × |
| Emergency vulnerability | Scheduled vulnerability scan (disabled by default) | × | √ | √ | √ | √ | √ |
| Emergency vulnerability | Vulnerability whitelist | × | × | × | × | × | × |
| Emergency vulnerability | Manual vulnerability scan | × | √ | √ | √ | √ | √ |
| Emergency vulnerability | One-click vulnerability fix | × | × | × | × | × | × |
| Emergency vulnerability | Ignoring vulnerabilities | × | √ | √ | √ | √ | √ |
| Emergency vulnerability | Verifying vulnerability fix | × | × | × | × | × | × |
HSS can scan for Web-CMS vulnerabilities, emergency vulnerabilities, and application vulnerabilities but cannot fix them. You can log in to your server to manually fix the vulnerability by referring to the suggestions displayed on the vulnerability details page.
Vulnerabilities Detectable by HSS
The following table describes the vulnerabilities that can be detected by HSS.
| Application Type | Detectable Application Vulnerability |
|---|---|
| Web services | |
| Web frameworks | Currently, HSS can scan for the vulnerabilities in web frameworks based on Linux, including: |
| Databases | |
| Middleware | All Python packages, npm packages, JAR packages loaded by the Java process, and their nested JAR packages. |
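The middleware row says HSS inventories the JAR packages loaded by the Java process together with their nested JARs before matching them against its vulnerability database. The following Python script is an added example, not HSS code, of that inventory step for JARs: it reads Maven coordinates from `META-INF/maven/<groupId>/<artifactId>/pom.properties`, recurses into nested `*.jar` entries with a depth bound, and matches the result against a small advisory list. The fat JAR it scans, every coordinate in it, and the advisory entries are constructed inline for the example; the advisory ids are placeholders.

```python
"""Inventory of a JAR and its nested JARs, then match against advisories.

Added example, not HSS code. It shows the inventory step a scanner must do
before it can compare package versions with a vulnerability database:
read Maven coordinates from META-INF/maven/<groupId>/<artifactId>/pom.properties
and recurse into nested *.jar entries (fat/uber JARs, Spring Boot BOOT-INF/lib).
The sample JAR and the advisory list are constructed here; every coordinate,
version and advisory id in them is invented.
"""
import io
import zipfile
from typing import Dict, List, Tuple

# (path of the JAR inside the outer JAR, groupId, artifactId, version)
Coordinate = Tuple[str, str, str, str]


def _parse_pom_properties(text: str) -> Dict[str, str]:
    """Parse the key=value lines Maven writes into pom.properties."""
    props: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def inventory_jar(data: bytes, path: str = "", depth: int = 0, max_depth: int = 8) -> List[Coordinate]:
    """Return the Maven coordinates of this JAR and of every JAR nested inside it.

    max_depth bounds the recursion so a maliciously nested archive cannot make
    the scanner recurse without end.
    """
    found: List[Coordinate] = []
    if depth > max_depth:
        return found
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if name.startswith("META-INF/maven/") and name.endswith("/pom.properties"):
                props = _parse_pom_properties(zf.read(name).decode("utf-8", "replace"))
                if all(k in props for k in ("groupId", "artifactId", "version")):
                    found.append((path, props["groupId"], props["artifactId"], props["version"]))
            elif name.lower().endswith(".jar"):
                nested_path = f"{path}!/{name}" if path else name
                found.extend(inventory_jar(zf.read(name), nested_path, depth + 1, max_depth))
    return found


def _version_key(version: str) -> Tuple[int, ...]:
    """Numeric version tuple; the first non-numeric part (e.g. '-SNAPSHOT') ends it."""
    parts = []
    for piece in version.replace("-", ".").split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)


# Constructed advisory list: (groupId, artifactId) -> (first fixed version, advisory id placeholder)
ADVISORIES: Dict[Tuple[str, str], Tuple[str, str]] = {
    ("com.example", "lib-b"): ("2.0.1", "ADVISORY-PLACEHOLDER-1"),
    ("com.example", "inner-lib"): ("1.0.0", "ADVISORY-PLACEHOLDER-2"),
}


def match_advisories(inventory: List[Coordinate]) -> List[Tuple[str, str, str]]:
    """Return (jar path, artifactId, advisory id) for each package below its first fixed version."""
    hits = []
    for path, group, artifact, version in inventory:
        advisory = ADVISORIES.get((group, artifact))
        if advisory and _version_key(version) < _version_key(advisory[0]):
            hits.append((path, artifact, advisory[1]))
    return hits


def _make_jar(entries: Dict[str, bytes]) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_sample_jar() -> bytes:
    """Constructed Spring Boot style fat JAR: app -> lib-a -> inner-lib, and app -> lib-b."""
    def pom(group: str, artifact: str, version: str) -> bytes:
        return f"groupId={group}\nartifactId={artifact}\nversion={version}\n".encode()

    inner = _make_jar({"META-INF/maven/com.example/inner-lib/pom.properties": pom("com.example", "inner-lib", "0.9.0")})
    lib_a = _make_jar({
        "META-INF/maven/com.example/lib-a/pom.properties": pom("com.example", "lib-a", "1.2.3"),
        "lib/inner-lib-0.9.0.jar": inner,
    })
    lib_b = _make_jar({"META-INF/maven/com.example/lib-b/pom.properties": pom("com.example", "lib-b", "2.0.0")})
    return _make_jar({
        "META-INF/maven/com.example/app/pom.properties": pom("com.example", "app", "1.0.0"),
        "BOOT-INF/lib/lib-a-1.2.3.jar": lib_a,
        "BOOT-INF/lib/lib-b-2.0.0.jar": lib_b,
    })


if __name__ == "__main__":
    inv = inventory_jar(build_sample_jar())
    for entry in inv:
        print(entry)
    for hit in match_advisories(inv):
        print("affected:", hit)
```

The nested path uses the `outer.jar!/inner.jar` notation so a finding can be traced to the exact archive that has to be rebuilt; in practice this is what "Verifying vulnerability fix (only applicable to applications packaged as JAR files)" has to re-read after a fix.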
| Component Type | Detectable Web-CMS Vulnerability |
|---|---|
| 74cms | |
| CmsEasy | CmsEasy cross-site scripting (XSS) vulnerability |
| DedeCMS | |
| Discuz! | |
| Drupal | |
| ECShop | ECShop SQL injection vulnerability |
| Joomla! | |
| MetInfo | |
| phpMyAdmin | |
| SchoolCMS | Unrestricted upload of dangerous files in SchoolCMS |
| ThinkPHP | ThinkPHP SQL injection vulnerability |
| WordPress | |
| Component Type | Detectable Emergency Vulnerability |
|---|---|
| ActiveMQ | Apache ActiveMQ remote code execution vulnerability |
| ActiveMQ + Jolokia | Apache ActiveMQ Jolokia remote code execution vulnerability |
| Apache Shiro | Apache Shiro identity authorization bypass |
| Apache Solr | Apache Solr remote code execution vulnerability |
| Bitbucket | Atlassian Bitbucket Server command injection vulnerability |
| Confluence | Atlassian Confluence OGNL remote code execution vulnerability; Atlassian Confluence template injection vulnerability; Atlassian Confluence privilege escalation vulnerability; Atlassian Confluence improper authorization mechanism vulnerability |
| CouchDB | Apache CouchDB remote code execution vulnerability |
| Dubbo | Apache Dubbo Hessian deserialization vulnerability |
| Elasticsearch | Elasticsearch unauthorized access vulnerability |
| fastjson | Fastjson remote code execution vulnerability |
| GitLab | |
| Ingress-Nginx | Kubernetes Ingress-Nginx design defect vulnerability |
| Jackson-databind | Jackson-databind remote command execution vulnerability |
| Jenkins | Jenkins arbitrary file read vulnerability |
| Kafka Connect | Apache Kafka Connect remote code execution vulnerability |
| Log4j2 | Apache Log4j2 remote code execution vulnerability |
| MinIO | MinIO information leakage vulnerability |
| Nacos | |
| OFBiz | Apache OFBiz remote code execution vulnerability |
| Polkit | Linux Polkit privilege escalation vulnerability |
| RocketMQ | Apache RocketMQ remote code execution vulnerability |
| runc | |
| Rust | Rust standard library command injection vulnerability |
| Shiro | Apache Shiro authentication bypass vulnerability |
| Smartbi | |
| Spring Framework | Spring Framework JDK >=9 remote code execution vulnerability |
| Spring Security | Spring Security vulnerability |
| Struts | Apache Struts 2 remote code execution vulnerability |
| Superset | Apache Superset identity authentication bypass vulnerability |
| Vite | Vite unauthorized access control vulnerability |
| WebLogic | WebLogic remote code execution vulnerability |
| XStream | XStream remote code execution vulnerability |
| XZ-Utils | XZ-Utils backdoor vulnerability |
| Zentao project management system | Remote command execution vulnerability in the Zentao project management system |
OSs that Support Vulnerability Scan and Fix
For details about the OSs that support vulnerability scan and fix, see the following:
- In the table, √ indicates that an item is supported, and × indicates that an item is not supported.
- EOL indicates that the system has reached the end of its lifecycle and the vendor will no longer provide official security updates and maintenance support.
| OS | Vulnerability Scan | Automatic Vulnerability Fix |
|---|---|---|
| Windows Server 2012 R2 Standard 64-bit English (40 GB) | √ Only the vulnerabilities fixed by the patches released before EOL and extended security updates can be scanned for. | × |
| Windows Server 2012 R2 Standard 64-bit Chinese (40 GB) | √ Only the vulnerabilities fixed by the patches released before EOL and extended security updates can be scanned for. | × |
| Windows Server 2012 R2 Datacenter 64-bit English (40 GB) | √ Only the vulnerabilities fixed by the patches released before EOL and extended security updates can be scanned for. | × |
| Windows Server 2012 R2 Datacenter 64-bit Chinese (40 GB) | √ Only the vulnerabilities fixed by the patches released before EOL and extended security updates can be scanned for. | × |
| Windows Server 2016 Standard 64-bit English (40 GB) | √ | √ |
| Windows Server 2016 Standard 64-bit Chinese (40 GB) | √ | √ |
| Windows Server 2016 Datacenter 64-bit English (40 GB) | √ | √ |
| Windows Server 2016 Datacenter 64-bit Chinese (40 GB) | √ | √ |
| Windows Server 2019 Datacenter 64-bit English (40 GB) | √ | √ |
| Windows Server 2019 Datacenter 64-bit Chinese (40 GB) | √ | √ |
| Windows Server 2022 Datacenter 64-bit English (40 GB) | √ | √ |
| Windows Server 2022 Datacenter 64-bit Chinese (40 GB) | √ | √ |
| Windows Server 2022 Standard 64-bit English (40 GB) | √ | √ |
| Windows Server 2022 Standard 64-bit Chinese (40 GB) | √ | √ |
| OS | Vulnerability Scan | Automatic Vulnerability Fix |
|---|---|---|
| CentOS 7.4 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| CentOS 7.5 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| CentOS 7.6 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| CentOS 7.7 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| CentOS 7.8 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| CentOS 7.9 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| CentOS 8.1 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | × |
| CentOS 8.2 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | × |
| CentOS 8 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | × |
| Debian 9 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | × |
| Debian 10 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | × |
| Debian 11 (64-bit) | √ | √ |
| Debian 12 (64-bit) | √ | √ |
| EulerOS 2.2 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| EulerOS 2.3 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| EulerOS 2.5 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| EulerOS 2.9 (64-bit) | √ | √ |
| EulerOS 2.10 (64-bit) | √ | √ |
| EulerOS 2.11 (64-bit) | √ | √ |
| EulerOS 2.12 (64-bit) | √ | √ |
| Ubuntu 16.04 (64-bit) | √ The vulnerabilities fixed by the patches released before EOL and those supported by Ubuntu Pro updates can be scanned for. | √ To fix Ubuntu Pro vulnerabilities, you need to subscribe to Ubuntu Pro before installing the upgrade package. |
| Ubuntu 18.04 (64-bit) | √ The vulnerabilities fixed by the patches released before EOL and those supported by Ubuntu Pro updates can be scanned for. | √ To fix Ubuntu Pro vulnerabilities, you need to subscribe to Ubuntu Pro before installing the upgrade package. |
| Ubuntu 20.04 (64-bit) | √ The vulnerabilities fixed by the patches released before EOL and those supported by Ubuntu Pro updates can be scanned for. | √ To fix Ubuntu Pro vulnerabilities, you need to subscribe to Ubuntu Pro before installing the upgrade package. |
| Ubuntu 22.04 (64-bit) | √ | √ |
| Ubuntu 24.04 (64-bit) | √ | √ |
| Red Hat Enterprise Linux 7 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| Red Hat Enterprise Linux 8 (64-bit) | √ | √ |
| Red Hat Enterprise Linux 9 (64-bit) | √ | √ |
| openEuler 20.03 LTS (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| openEuler 20.03 LTS SP1 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| openEuler 20.03 LTS SP2 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| openEuler 20.03 LTS SP3 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| openEuler 20.03 LTS SP4 (64-bit) | √ | √ |
| openEuler 22.03 LTS (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| openEuler 22.03 LTS SP1 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| openEuler 22.03 LTS SP2 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| openEuler 22.03 LTS SP3 (64-bit) | √ | √ |
| openEuler 22.03 LTS SP4 (64-bit) | √ | √ |
| openEuler 24.03 LTS (64-bit) | √ | √ |
| AlmaLinux 8.4 (64-bit) | √ | √ |
| Rocky Linux 8.4 (64-bit) | √ | √ |
| Rocky Linux 8.5 (64-bit) | √ | √ |
| Rocky Linux 8.6 (64-bit) | √ | √ |
| Rocky Linux 8.10 (64-bit) | √ | √ |
| Rocky Linux 9.0 (64-bit) | √ | √ |
| Rocky Linux 9.1 (64-bit) | √ | √ |
| Rocky Linux 9.2 (64-bit) | √ | √ |
| Rocky Linux 9.3 (64-bit) | √ | √ |
| Rocky Linux 9.4 (64-bit) | √ | √ |
| Rocky Linux 9.5 (64-bit) | √ | √ |
| Huawei Cloud EulerOS 1.1 for CentOS (64-bit) | √ | √ |
| Huawei Cloud EulerOS 2.0 Standard Edition (64-bit) | √ | √ |
| SUSE Linux Enterprise Server 12 SP5 (64-bit) | √ | √ |
| SUSE Linux Enterprise Server 15 SP1 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| SUSE Linux Enterprise Server 15 SP2 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| Kylin V10 SP1 (64-bit) | √ | √ |
| Kylin V10 SP2 (64-bit) | √ | √ |
| Kylin V10 SP3 (64-bit) | √ | √ |
| UnionTech OS V20 1050e (64-bit) | √ | √ |
| UnionTech OS V20 1060e (64-bit) | √ | √ |
| UnionTech OS V20 1070e (64-bit) | √ | √ |
| UnionTech OS V20 1050d (64-bit) | √ | √ |
| UnionTech OS V20 1060d (64-bit) | √ | √ |
| UnionTech OS V20 1070d (64-bit) | √ | √ |
| Oracle Enterprise Linux 7 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL and those supported by paid channels can be scanned for. | √ For paid channels, you need to register with the Unbreakable Linux Network (ULN) and subscribe to the related channels before automatic vulnerability fix is supported. |
| Oracle Enterprise Linux 8 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL and those supported by paid channels can be scanned for. | √ For paid channels, you need to register with the Unbreakable Linux Network (ULN) and subscribe to the related channels before automatic vulnerability fix is supported. |
| Oracle Enterprise Linux 9 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL and those supported by paid channels can be scanned for. | √ For paid channels, you need to register with the Unbreakable Linux Network (ULN) and subscribe to the related channels before automatic vulnerability fix is supported. |
| OS | Vulnerability Scan | Automatic Vulnerability Fix |
|---|---|---|
| CentOS 7.4 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| CentOS 7.5 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| CentOS 7.6 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| CentOS 7.7 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| CentOS 7.8 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| CentOS 7.9 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| CentOS 8.0 (64-bit) | √ | × |
| CentOS 8.1 (64-bit) | √ | × |
| CentOS 8.2 (64-bit) | √ | × |
| CentOS Stream 9 (64-bit) | √ | √ |
| Debian 11 (64-bit) | √ | √ |
| Debian 12 (64-bit) | √ | √ |
| EulerOS 2.8 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| EulerOS 2.9 (64-bit) | √ | √ |
| EulerOS 2.10 (64-bit) | √ | √ |
| EulerOS 2.11 (64-bit) | √ | √ |
| EulerOS 2.12 (64-bit) | √ | √ |
| Ubuntu 18.04 (64-bit) | √ The vulnerabilities fixed by the patches released before EOL and those supported by Ubuntu Pro updates can be scanned for. | √ To fix Ubuntu Pro vulnerabilities, you need to subscribe to Ubuntu Pro before installing the upgrade package. |
| Ubuntu 20.04 (64-bit) | √ The vulnerabilities fixed by the patches released before EOL and those supported by Ubuntu Pro updates can be scanned for. | √ To fix Ubuntu Pro vulnerabilities, you need to subscribe to Ubuntu Pro before installing the upgrade package. |
| Ubuntu 22.04 (64-bit) | √ | √ |
| Ubuntu 24.04 (64-bit) | √ | √ |
| Kylin V10 SP1 (64-bit) | √ | √ |
| Kylin V10 SP2 (64-bit) | √ | √ |
| Kylin V10 SP3 (64-bit) | √ | √ |
| Huawei Cloud EulerOS 2.0 Standard Edition (64-bit) | √ | √ |
| UnionTech OS V20 1050e (64-bit) | √ | √ |
| UnionTech OS V20 1060e (64-bit) | √ | √ |
| UnionTech OS V20 1070e (64-bit) | √ | √ |
| UnionTech OS V20 1050d (64-bit) | √ | √ |
| UnionTech OS V20 1060d (64-bit) | √ | √ |
| UnionTech OS V20 1070d (64-bit) | √ | √ |
| openEuler 20.03 LTS (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| openEuler 20.03 LTS SP1 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| openEuler 20.03 LTS SP2 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| openEuler 20.03 LTS SP3 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| openEuler 20.03 LTS SP4 (64-bit) | √ | √ |
| openEuler 22.03 LTS (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| openEuler 22.03 LTS SP1 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| openEuler 22.03 LTS SP2 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| openEuler 22.03 LTS SP3 (64-bit) | √ | √ |
| openEuler 22.03 LTS SP4 (64-bit) | √ | √ |
| openEuler 24.03 LTS (64-bit) | √ | √ |
| Rocky Linux 9.0 (64-bit) | √ | √ |
| Rocky Linux 9.5 (64-bit) | √ | √ |
| CTyunOS 3-23.01 (64-bit) | √ | √ |
| Red Hat Enterprise Linux 7 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL can be scanned for. | √ |
| Red Hat Enterprise Linux 8 (64-bit) | √ | √ |
| Red Hat Enterprise Linux 9 (64-bit) | √ | √ |
| Oracle Enterprise Linux 7 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL and those supported by paid channels can be scanned for. | √ For paid channels, you need to register with the Unbreakable Linux Network (ULN) and subscribe to the related channels before automatic vulnerability fix is supported. |
| Oracle Enterprise Linux 8 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL and those supported by paid channels can be scanned for. | √ For paid channels, you need to register with the Unbreakable Linux Network (ULN) and subscribe to the related channels before automatic vulnerability fix is supported. |
| Oracle Enterprise Linux 9 (64-bit) | √ Only the vulnerabilities fixed by the patches released before EOL and those supported by paid channels can be scanned for. | √ For paid channels, you need to register with the Unbreakable Linux Network (ULN) and subscribe to the related channels before automatic vulnerability fix is supported. |
Vulnerability Database Update Period
The HSS vulnerability database is updated every two weeks to collect information about newly discovered vulnerabilities. If a major or urgent vulnerability is disclosed, the database will be updated within 48 hours.
You can view the vulnerability database update time in the Protection Overview area on the Overview page.
Vulnerability Fix Priority
The HSS vulnerability management system calculates the fix priority of each vulnerability from four factors, using the following formula:
Vulnerability fixing priority = Vulnerability CVSS score × Asset importance × Vulnerability exploitability × Vulnerability time factor. The factors are described in Table 6.
| Parameter | Description |
|---|---|
| Vulnerability CVSS score | CVSS score of the vulnerability. The value ranges from 0 to 10. If a vulnerability covers multiple CVEs, the highest CVSS score among them is used. |
| Asset importance | Importance level of the server. HSS defines three asset importance levels: Important, General, and Test. By default, the importance of an asset is General; you can change it. For details, see Servers Importance Management. The scores of asset importance are as follows: |
| Vulnerability exploitability | Calculated from the vulnerability label and the asset exposure. The base value is 0.6. Extra metrics (their points are added to the base value): |
| Vulnerability time factor | The impact of a vulnerability decreases over time. Based on this observation, HSS derives a time-based weight from the disclosure date and uses it in the fix priority. |
The score is calculated using the vulnerability fixing priority formula. Vulnerability fixing priorities are classified into critical, high, medium, and low, as shown in Table 7. You can fix vulnerabilities based on the priorities.
| Vulnerability Fix Priority | Score | How to Fix |
|---|---|---|
| Critical | 27 to 30 | Vulnerabilities at this level must be fixed immediately. Attackers may exploit the vulnerabilities to cause great damage to servers. |
| High | 15.1 to 27 | Vulnerabilities at this level must be fixed as soon as possible. Attackers may exploit the vulnerabilities to damage servers. |
| Medium | 7.2 to 15.1 | You are advised to fix vulnerabilities at this level to enhance your server security. |
| Low | Less than 7.2 | Vulnerabilities at this level pose a small threat to server security. You can choose to fix or ignore them. |
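The following Python script is an added example, not HSS code, that works the fix priority formula and the Table 7 bands through on a set of constructed findings. It applies the rules the page states (CVSS 0 to 10 with the highest score taken when a vulnerability covers several CVEs, an exploitability base value of 0.6 with additive extra metrics, a multiplicative time factor, and the 27 / 15.1 / 7.2 band boundaries). The page does not give the numeric scores of the asset importance levels, the points of the extra exploitability metrics, or the time-factor weights, so the values used for those are assumed placeholders, chosen so that the maximum product is 30, the top of the critical band; the finding names and scores are invented.

```python
"""Worked example of the HSS vulnerability fix priority formula.

Added example, not HSS code. From the page:
  priority = CVSS score x asset importance x exploitability x time factor
where the CVSS score is 0-10 (highest score when a vulnerability covers several
CVEs), exploitability starts at a base value of 0.6 plus additive extra metrics,
and the result is banded per Table 7 (27-30 critical, 15.1-27 high, 7.2-15.1
medium, below 7.2 low). The page does NOT give the numeric weights for the
asset importance levels, the extra exploitability metrics or the time factor;
the values below are ASSUMED placeholders chosen so that the maximum product
is 30, the top of the critical band.
"""
from dataclasses import dataclass, field
from typing import List

EXPLOITABILITY_BASE = 0.6  # stated on the page

# ASSUMED placeholder weights: the page names the three levels, not their scores.
ASSET_IMPORTANCE = {"Important": 1.5, "General": 1.0, "Test": 0.5}

# ASSUMED placeholder extra metrics; the page only says their points add up.
EXPLOITABILITY_EXTRA = {"public_exploit": 0.3, "internet_exposed": 0.1}


def time_factor(days_since_disclosure: int) -> float:
    """ASSUMED placeholder weights: newer disclosures weigh more, as the page describes."""
    if days_since_disclosure < 0:
        raise ValueError("disclosure date cannot be in the future")
    if days_since_disclosure <= 30:
        return 2.0
    if days_since_disclosure <= 180:
        return 1.5
    return 1.0


@dataclass
class Finding:
    name: str
    cvss_scores: List[float]           # one CVSS score per CVE in the vulnerability
    asset_importance: str = "General"  # page default
    exploit_labels: List[str] = field(default_factory=list)
    days_since_disclosure: int = 0


def cvss_score(f: Finding) -> float:
    """Highest CVSS score across the CVEs, validated to the 0-10 range."""
    if not f.cvss_scores:
        raise ValueError(f"{f.name}: no CVSS score")
    score = max(f.cvss_scores)
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"{f.name}: CVSS score {score} outside 0-10")
    return score


def exploitability(f: Finding) -> float:
    """Base value plus the points of each extra metric present (additive)."""
    return EXPLOITABILITY_BASE + sum(EXPLOITABILITY_EXTRA[label] for label in f.exploit_labels)


def fix_priority(f: Finding) -> float:
    """The page's product formula, rounded to two decimals for display."""
    score = (cvss_score(f) * ASSET_IMPORTANCE[f.asset_importance]
             * exploitability(f) * time_factor(f.days_since_disclosure))
    return round(score, 2)


def priority_level(score: float) -> str:
    """Table 7 bands. The page does not say which band a boundary score such as
    exactly 27 belongs to; this example assigns it to the higher band."""
    if score >= 27:
        return "Critical"
    if score >= 15.1:
        return "High"
    if score >= 7.2:
        return "Medium"
    return "Low"


def rank(findings: List[Finding]) -> List[Finding]:
    """Highest priority first: the order in which to work the fix queue."""
    return sorted(findings, key=fix_priority, reverse=True)


# Constructed sample findings; names and scores are invented.
SAMPLE = [
    Finding("pkg-A", [7.8, 9.8], "Important", ["public_exploit"], 10),
    Finding("pkg-B", [10.0], "Important", ["public_exploit", "internet_exposed"], 5),
    Finding("pkg-C", [5.3], "Test", [], 400),
    Finding("pkg-D", [8.0], "General", ["internet_exposed"], 90),
]

if __name__ == "__main__":
    for f in rank(SAMPLE):
        s = fix_priority(f)
        print(f"{f.name}: {s} -> {priority_level(s)}")
```

With the placeholder weights, pkg-B (CVSS 10 on an Important server, public exploit, exposed, disclosed five days ago) reaches the 30 ceiling, while pkg-A with a CVSS of 9.8 lands just under 27 and is ranked High; that gap between 26.46 and 27 is why the boundary rule in `priority_level` has to be stated explicitly when you reproduce the formula.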
Vulnerability Display
The vulnerability list displays only the latest vulnerability scan results. By default, the results of a scan are displayed for seven days. During this period, if a new scan task is performed, the original vulnerability data will be updated. If no new scan task is performed, HSS will automatically clear the vulnerability data seven days later.