Publication Date – April 8, 2021
The Insecure Systems risk vector assesses endpoints (which can be any computer, server, device, system, or appliance with internet access) that are communicating with an unintended destination. The software of these endpoints may be outdated, tampered, or misconfigured. A system is classified as “insecure” when these endpoints try to communicate with a web domain that doesn’t yet exist or isn’t registered to anyone.
Navigation Options
SPM App: Risks ➔ Findings
CM App: Vendor Risk ➔ Findings
Finding Details
The details include the data in Findings, Diligence details, and also the following information:
| Field | Description |
|---|---|
| Event Detail | A summary of the finding. |
| Path Info | The URL path. |
| Risks | A description of the risks involved with the system. |
| Server Name | The domain name of the affected server. |
| Severity Level | Finding severity, which is a measurement of the amount of risk that the finding introduces. |
| Source IP | The source IP address. |
| Source Port | The source port number. |
| User-Agent | The user’s browser details. |