As of the end of September 2024, ThreadFix version 3.x on-premises has officially reached its End-of-Life. There is therefore no longer any support or updates for this version of the product. We have fully transitioned our product and development teams to focus on ThreadFix SaaS and on migrating all customers over from the on-premises versions. Our Customer Success and Support teams are here to help you migrate to ThreadFix SaaS and maximize the value you see from this improved offering from Coalfire. This is the next phase of ThreadFix, and our team is looking forward to continuing to support you on this journey.

Vulnerability Details 3.X

You will learn

The information available in Application and Infrastructure Vulnerability Details.

Prerequisites

Audience: IT Professional or End User
Difficulty: Basic
Time needed: Approximately 10 minutes
Tools required: N/A

Application Vulnerability Details

Within an application that contains scans, a vulnerability list separated by severity can be viewed. Expanding a selected vulnerability reveals details including its current status, comments, attached files, and the ability to view more in-depth details.

Clicking on the speech bubble icon reveals a Comments section beneath the vulnerability, displaying any comments that have been added to it. New comments can also be added via the Add Comments button.

Similarly, clicking on the page icon reveals a Files section beneath the vulnerability, displaying any files that have been attached to it.

Clicking on the View More link redirects to a Vulnerability Details page for the vulnerability. This page details open findings, metadata, comments, files, finding files, and a history of events for the vulnerability. Comments, tags, and files can be edited/deleted from this page as well.

 

The Vulnerability Details page also provides an action drop-down menu with several options for users to act on the vulnerability, including the following:

  • Close Vulnerability
  • Mark as False Positive
  • Mark as Contested
  • Mark as Verified
  • Change Severity
  • Manage Tags

 

Infrastructure Vulnerability Details

Within a network that contains scanner data, a range of IP address clusters and their vulnerabilities, separated by severity, can be viewed.

Expanding a selected IP range, by clicking on a desired range as mentioned above, reveals the range’s details including individual addresses, last scanned date, and vulnerability totals.

Selecting a particular address will reveal its individual details including CVEs, CVSS Scores, and dates. These results can also be filtered by severity level by selecting the desired severity level button on the UI’s results row.

 

Clicking on a desired result will redirect to its Vulnerability Details page, containing a list of associated CVEs and further details including the Scanner Name, Finding Name, Scanner Severity, Severity, a CVSS score (if assigned), IP, and dates.

 

 

www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.

This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.