You can learn everything you need to know about a vulnerability by going to VM/VMDR > KnowledgeBase and selecting Info from the Quick Actions menu. You'll see basic details for the vulnerability like the title, severity and type. You can also see whether you'll need to use authentication to detect the vulnerability.
See a term you don't know?
Check out our Glossary
How can I tell if authentication is needed?
Check out the discovery method for the vulnerability which will indicate whether authentication is required. You'll also see a key next to Authentication when authenticated scanning can be used. Not sure how to get started with authentication? Go here to find out.
How can I tell if the vulnerability was changed by a user?
If the vulnerability was modified by a user then you'll see Edited: Yes. This means that a Manager user changed the severity level and/or added comments to the Threat, Impact or Solution.
Tell me about published and modified dates
Published date - When the vulnerability was first added to the KnowledgeBase.
Service modified date - When vulnerability attributes were changed like the title, severity level, patch availability, CVSS scores, PCI relevance, etc. Note - This date is not updated based on changes to exploitability information since these changes don't affect the signature code, scoring or the QID description.
User modified date - When a user edited the vulnerability to change the severity level or to add comments.
Tell me about the Change Log section?
The Change Log section displays detection logic changes. For all the changes, you will see the date of the change and comments provided by the Qualys Vulnerability Signatures team. Currently, Change Log only logs entries for QIDs when there are changes to the Detection logic for a signature. The modified date for a QID would change if there is a change in one of the fields for a QID in Knowledge Base. For example, if the severity of a QID was updated. For more details, see "KnowledgeBase QID Updates | Change Log and Modified Date"
When is the QID Modified date updated?
QID Modified date is updated if there are changes made to the following description fields:
- Category: Information Gathered, Confirmed Vulnerability, Potential Vulnerability
- Severity: Severity levels [1,2,3,4,5]
- Vendor Reference: URL to vendor's page
- Patch Available: [Yes, No]
- Title: Title of QID
- Threat: If Threat tab is updated
- Solution: If Solution tab is updated
- Authentication Type: Windows, Unix, Oracle, SNMP, VMware, WebLogic, MS SQL, etc.
- PCI Explanation: QID falls into any of these categories for PCI : SQL Injection, Cross-site scripting (XSS) flaw, Directory traversal, HTTP response splitting/header injection, Unsupported software, Databases access, Default account/password, Unrestricted DNS zone transfer, Backdoor, SSL Specific
- PCI Exception: Reason why QID is marked as PCI exception
Tell me about the list of vendors/products in the Software section
The list of vendors and products associated with the vulnerability is provided by NIST. Please note that this feature covers all QIDs that are associated with a CVE.
What are the supported modules?
These are the Qualys modules that can be used to detect the vulnerability. We'll indicate whether the QID can be detected by a VM scan, Windows Cloud Agent, Linux Cloud Agent, etc. Tip - Use the KnowledgeBase Search to quickly identify vulnerabilities by supported module.