Glossary

Here are some common terms that we use in vulnerability details.

Associated Malware

Discovery Method

Bugtraq ID

Exploitability

Category

PCI Vuln

CVE ID

QID

CVSS Access Vector

Severity Level

CVSS Base Score

Tracking Method

CVSS Temporal Score

Vendor Reference


Associated Malware

Malware information correlated with the vulnerability, obtained from the Trend Micro Threat Encyclopedia.

Bugtraq ID

The Bugtraq ID number assigned to the vulnerability by SecurityFocus.

Category

Each vulnerability is assigned to a category. Some categories are platform-specific (for example Debian and SUSE) while others are more general (for example Database and Firewall). Learn more

CVE ID

The CVE name(s) associated with the vulnerability. CVE (Common Vulnerabilities and Exposures) is a list of common names for publicly known vulnerabilities and exposures.

CVSS Access Vector

CVSS Access Vector is part of the CVSS Base metric group, and reflects the level of access required to exploit a vulnerability. The more remote an attacker can be to exploit a vulnerability, then the higher the score and risk. CVSS Access Vector values are Local Access, Adjacent Network and Network. This value is used in reporting when CVSS Scoring is enabled for your subscription. Learn more

CVSS Base Score

This score represents the fundamental, unchanging qualities of the vulnerability and is provided by NIST, unless the score is marked with the footnote [1] which indicates the score is provided by the service. This value is used in reporting when CVSS Scoring is enabled for your subscription. Learn more

Tell me about the footnote

CVSS Temporal Score

This score represents time dependent qualities of the vulnerability and is provided by the service. This value is used in reporting when CVSS Scoring is enabled for your subscription. Learn more

Discovery Method

Identifies the type of scan that will detect the vulnerability - authenticated, remote (unauthenticated), or both.

Exploitability

Exploitability information correlated with the vulnerability, includes references to known exploits and related security resources. This field is auto-populated by scripts that search the Internet at known exploit sites. When an exploit is found, the QID is updated with a link to the exploit. Note - The QID modified date is not updated based on changes to exploitability information since these changes don't affect the signature code, scoring or the QID description.

PCI Vuln

Indicates whether the vulnerability must be fixed to pass a PCI compliance scan.

QID

The unique Qualys ID number assigned to the vulnerability.

Severity Level

Each vulnerability is assigned a severity level (1-5) which is determined by the security risk associated with its exploitation. Learn more

Tracking Method

You must assign a tracking method to each host in your subscription: IP address, DNS Hostname or NetBIOS hostname. The tracking method determines how the host will be reported in scan reports. Learn more

Do you have Cloud Agent? Hosts with cloud agents are identified with a tracking method of Cloud Agent (or AGENT). Tip - You can quickly find your agent hosts by clicking the Search option above the list and choosing the Network "Global Cloud Agent Network".

Vendor Reference

A reference number released by the vendor in regards to the vulnerability, such as a Microsoft Security Bulletin like MS03-046.