Vulnerability Management Overview
Vulnerability management can detect Linux, Windows, Web-CMS, application vulnerabilities, and emergency vulnerabilities and provide suggestions, helping you learn about server vulnerabilities in real time. Linux and Windows vulnerabilities can be fixed in one-click mode. This section describes how the vulnerabilities are detected and the vulnerabilities that can be scanned and fixed in each HSS edition.
The vulnerability list displays vulnerabilities detected in the last seven days. After a vulnerability is detected for a server, if you change the server name and do not perform a vulnerability scan again, the vulnerability list still displays the original server name.
How Vulnerability Scan Works
Table 1 describes how different types of vulnerabilities are detected.
Type |
Mechanism |
|---|---|
Linux vulnerability |
Based on the vulnerability database, checks and handles vulnerabilities in the software (such as kernel, OpenSSL, vim, glibc) you obtained from official Linux sources and have not compiled, reports the results to the management console, and generates alarms. |
Windows vulnerability |
Synchronizes Microsoft official patches, checks whether the patches on the server have been updated, pushes Microsoft official patches, reports the results to the management console, and generates vulnerability alarms. |
Web-CMS vulnerability |
Checks web directories and files for Web-CMS vulnerabilities, reports the results to the management console, and generates vulnerability alarms. |
Application vulnerability |
Detects the vulnerabilities in the software and dependency packages running on the server, reports risky vulnerabilities to the console, and displays vulnerability alarms. |
Emergency Vulnerabilities |
Checks whether the software and any dependencies running on the server have vulnerabilities through version comparison and POC verification. Reports risky vulnerabilities to the console and provides vulnerability alarms for you. |
Types of Vulnerabilities That Can Be Scanned and Fixed
For details about the types of vulnerabilities that can be scanned and fixed in different HSS editions, see Types of vulnerabilities that can be scanned and fixed in each HSS edition.
The meanings of the symbols in the table are as follows:
- √: supported
- ×: not supported
Vulnerability Type |
Function |
Basic Edition |
Professional Edition |
Enterprise Edition |
Premium Edition |
Web Tamper Protection Edition |
Container Edition |
|---|---|---|---|---|---|---|---|
Linux vulnerability |
Automatic vulnerability scan (reporting based on the software asset collection period) |
√ |
√ |
√ |
√ |
√ |
√ |
Scheduled vulnerability scan (By default, vulnerabilities are scanned once a week. You can change the scan period by configuring vulnerability policies.) |
× |
√ |
√ |
√ |
√ |
√ |
|
Vulnerability whitelist |
× |
√ |
√ |
√ |
√ |
√ |
|
Manual vulnerability scan |
× |
√ |
√ |
√ |
√ |
√ |
|
One-click vulnerability fix |
× |
√ (A maximum of 50 vulnerabilities can be fixed at a time.) |
√ (A maximum of 50 vulnerabilities can be fixed at a time.) |
√ |
√ |
√ |
|
Windows vulnerability |
Automatic vulnerability scan (reporting based on the software asset collection period) |
√ |
√ |
√ |
√ |
√ |
× |
Scheduled vulnerability scan (By default, vulnerabilities are scanned once a week. You can change the scan period by configuring vulnerability policies.) |
× |
√ |
√ |
√ |
√ |
× |
|
Vulnerability whitelist |
× |
√ |
√ |
√ |
√ |
× |
|
Manual vulnerability scan |
× |
√ |
√ |
√ |
√ |
× |
|
One-click vulnerability fix |
× |
√ (A maximum of 50 vulnerabilities can be fixed at a time.) |
√ (A maximum of 50 vulnerabilities can be fixed at a time.) |
√ |
√ |
× |
|
Web-CMS vulnerability |
Automatic vulnerability scan (reporting based on the software asset collection period) |
× |
√ |
√ |
√ |
√ |
√ |
Scheduled vulnerability scan (By default, vulnerabilities are scanned once a week. You can change the scan period by configuring vulnerability policies.) |
× |
√ |
√ |
√ |
√ |
√ |
|
Vulnerability whitelist |
× |
√ |
√ |
√ |
√ |
√ |
|
Manual vulnerability scan |
× |
√ |
√ |
√ |
√ |
√ |
|
One-click vulnerability fix |
× |
× |
× |
× |
× |
× |
|
Application vulnerability |
Automatic vulnerability scan (reporting based on the middleware asset collection period) |
× |
× |
√ |
√ |
√ |
√ |
Scheduled vulnerability scan (By default, vulnerabilities are scanned once a week. You can change the scan period by configuring vulnerability policies.) |
× |
× |
√ |
√ |
√ |
√ |
|
Vulnerability whitelist |
× |
× |
√ |
√ |
√ |
√ |
|
Manual vulnerability scan |
× |
× |
√ |
√ |
√ |
√ |
|
One-click vulnerability fix |
× |
× |
× |
× |
× |
× |
|
Emergency vulnerability |
Automatic vulnerability scan |
× |
× |
× |
× |
× |
× |
Scheduled vulnerability scan (This function is disabled by default and can be enabled through vulnerability policy configuration.) |
× |
√ |
√ |
√ |
√ |
√ |
|
Vulnerability whitelist |
× |
× × |
× |
× |
× |
× |
|
Manual vulnerability scan |
× |
√ |
√ |
√ |
√ |
√ |
|
One-click vulnerability fix |
× |
× |
× |
× |
× |
× |
HSS can scan for Web-CMS , emergency vulnerabilities, and application vulnerabilities but cannot fix them. You can log in to your server to manually fix the vulnerability by referring to the suggestions displayed on the vulnerability details page.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
