Vulnerability Detail
The vulnerability detail page provides a comprehensive view of a specific vulnerability finding, including CVE information, CVSS vector analysis, risk scores, package details, remediation guidance, and a list of other affected assets.
Accessing a Vulnerability Detail
Navigate to a vulnerability detail page by:
- Clicking the CVE / OSV ID link in the vulnerabilities list
- Clicking the view (eye) button in the vulnerabilities list
- Clicking a vulnerability link from the asset detail page
Overview Section
The top section displays the core vulnerability information:
| Field | Description |
|---|---|
| Summary | A description of the vulnerability and its potential impact |
| CVE ID | The Common Vulnerabilities and Exposures identifier (e.g., CVE-2024-1234) |
| OSV ID | The OSV.dev identifier for this vulnerability |
| Status | Open (unresolved) or Resolved (fixed) |
| Severity | The severity level badge: Critical, High, Medium, or Low |
A View on NVD button in the top-right corner opens the vulnerability's entry on the NIST National Vulnerability Database in a new tab.
Package Information
This section details the vulnerable package:
| Field | Description |
|---|---|
| Package | The package name (e.g., openssl, lodash, curl) |
| Ecosystem | The package ecosystem (e.g., Debian, npm, PyPI, Maven, Go) |
| Installed Version | The version currently installed on the asset (shown in red) |
| Fixed In | The version that resolves the vulnerability (shown in green), or "No fix available" |
Remediation Guidance
When a fixed version is available, a remediation box appears with a clear instruction:
Update [package] from [installed version] to [fixed version]
TIP
Use this information to create patch management tickets. The fixed version tells you exactly what version to target in your update.
CVSS Vector Breakdown
When a CVSS vector is available, this section displays the full vector string and a visual breakdown of each component:
| Metric | Values | Description |
|---|---|---|
| Attack Vector | Network, Adjacent, Local, Physical | How the vulnerability can be exploited |
| Attack Complexity | Low, High | How difficult it is to exploit |
| Privileges Required | None, Low, High | What access level the attacker needs |
| User Interaction | None, Required | Whether victim interaction is needed |
| Scope | Unchanged, Changed | Whether exploitation affects other components |
| Confidentiality | None, Low, High | Impact on data confidentiality |
| Integrity | None, Low, High | Impact on data integrity |
| Availability | None, Low, High | Impact on system availability |
Each metric is color-coded to indicate severity:
- Red: High-risk value (e.g., Network attack vector, no privileges required)
- Orange/Yellow: Moderate-risk value
- Green: Low-risk value (e.g., Physical attack vector, high privileges required)
Risk Scores Panel
The right sidebar displays the composite risk scores:
CVSS Score
The CVSS v3.1 base score (0.0 -- 10.0) with a visual progress bar. Color-coded by severity:
| Range | Color | Severity |
|---|---|---|
| 9.0 -- 10.0 | Red | Critical |
| 7.0 -- 8.9 | Orange | High |
| 4.0 -- 6.9 | Yellow | Medium |
| 0.1 -- 3.9 | Blue | Low |
Risk Score
The composite risk score (0.0 -- 10.0) calculated by AttackLens, combining CVSS, EPSS, and KEV factors.
EPSS Score
The Exploit Prediction Scoring System probability as a percentage, along with the percentile ranking (e.g., "95th percentile" means this vulnerability has a higher EPSS score than 95% of all CVEs).
CISA KEV
Shows Known Exploited (red badge) if the vulnerability is in the CISA Known Exploited Vulnerabilities catalog, or "Not listed" if it is not.
Asset Information
The right sidebar also shows which asset this vulnerability finding belongs to, with a link to the asset detail page.
Timeline
The timeline section shows key dates:
| Event | Description |
|---|---|
| Detected | When AttackLens first identified this vulnerability on this asset |
| Resolved | When the vulnerability was remediated (only shown for resolved findings) |
Other Affected Assets
If the same CVE affects multiple assets in your environment, a table lists the other findings:
| Column | Description |
|---|---|
| Asset | The affected asset (links to asset detail) |
| Installed | The installed version on that asset |
| Severity | The severity level |
| Status | Open or Resolved |
Click the view button to navigate to that asset's vulnerability detail page.
WARNING
A vulnerability affecting multiple assets may indicate a systemic patching issue. Consider creating a bulk remediation plan rather than addressing each asset individually.
Related Pages
- View Vulnerabilities: Browse the full vulnerability list
- Understanding Vulnerabilities: How detection and scoring work
- EPSS and KEV: Exploitation probability and known exploits