A vulnerability is a flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy.
To see suspected vulnerabilities observed in the last 90 days or confirmed vulnerabilities that impacted the rating in the last 90 days, refer to the Vulnerabilities panel.
Patching Cadence findings impact the rating for 300 days.
Field | Description |
---|---|
Name | The name of the vulnerability, usually a Common Vulnerabilities and Exposures (CVE) identifier. |
Severity | The Bitsight severity of the vulnerability. |
Classification | The detection status of the vulnerability. |
Change | The change in the number of hosts impacted by this vulnerability between the last 90 days and the prior 90 days. For vulnerabilities that impact the rating, this measures how many are impacting the rating in the current 90-day period vs. the prior 90-day period. Vulnerabilities in the Patching Cadence risk vector impact the rating for 300 days. This includes remediated vulnerabilities that are part of a Patching Cadence finding and are still impacting the Patching Cadence grade. |
Impacted Hosts | The number of hosts that are impacted by the vulnerability. |