AttackForge
AttackForge.comAttackForge EnterpriseSelf-Service APIFAQ
Search…
AttackForge Support
Release Notes
AttackForge.com
Getting Started
Modules
Upgrade to Pro
Security
Privacy
AttackForge Enterprise & AttackForge Core
Getting Started
How It Works
Requesting A Project
Creating & Updating Projects
Invite User To Project
View Project Team
Project Scope
Project Workspace
Project Notes
Test Cases
Creating Vulnerabilities
Updating Vulnerabilities
Reviewing & QAing Vulnerabilities
Attack Chains
Reporting
Retesting
Integrations
Notifications
Custom Fields & Forms
User Settings
Login Redirects
Modules
Access Control Matrix
Configuration Options
Raising Support Tickets
Built For Enterprise
Security
FAQs
Careers @ AttackForge
Contact
Powered By GitBook
Updating Vulnerabilities

Overview

Once a vulnerability has been created for an asset on a project, you can then update the vulnerability in a number of ways.
Considering updating vulnerabilities is part of the role for a pentester or assessor, only users with Edit access to the project can perform this function.
However, any project team member can add remediation notes & mark a vulnerability as Ready For Retesting. This allows customers, developers & engineers to track remediation performed for a given issue; and let you know once the vulnerability is ready to be retested.

Update Vulnerability

From the vulnerability page which you can access by drilling down from the project dashboard, you can use the page menu to select Edit Vulnerability.

Upload Evidence to Vulnerability

If you need to upload further evidence to a vulnerability, you can select Upload Evidence

Bulk Update (All)

If you need to perform a bulk update for multiple vulnerabilities, and you would like to set the values to be the same - you can use the Update Selected Vulnerabilities (All)option.

Bulk Update (Individually)

If you need to perform a bulk update for multiple vulnerabilities, and you would like to individually update each vulnerability - you can use the Update Selected Vulnerabilities (Individually)option.

Mark Vulnerability Ready for Retesting / Not Ready for Retesting

Once a vulnerability is ready for retesting, any user on the project can mark the vulnerability as Ready for Retesting from the vulnerability page menu.
The audit trail for the vulnerability will also be updated to reflect the change in status.
Any user can also mark the vulnerability as Not Ready for Retesting to set it back to Open status.

Add Remediation Note

As a vulnerability is in the process of remediation, project team members can update the vulnerability audit trail to include remediation notes. These notes are also synced with JIRA.

Mark Vulnerability as Closed / Re-Opened

During remediation testing, vulnerabilities can be Closed and Re-Opened depending on their status.
You can also bulk update status for vulnerabilities as follows:
    Mark as Ready for Retesting
    Mark as Not Ready for Retesting
    Mark as Open
    Mark as Closed

Bulk Add Tags

This feature will add new tags for each selected vulnerability if the tag does not already exist on the affected asset.
To customize an existing CVSS score for vulnerabilities on the project, include the following at the start in the tags:
    CVSS:3.1
    CVSSv3.1 Base Score:
    CVSSv3.1 Temporal Score:
    CVSSv3.1 Environmental Score:
    CVSS:3.0
    CVSSv3.0 Base Score:
    CVSSv3.0 Temporal Score:
    CVSSv3.0 Environmental Score:

Bulk Add ReportGen Fields/Tags

This feature will add new ReportGen tags for each selected vulnerability if the tag does not already exist on the affected asset.
To customize an existing tag - if the tag/name already exists on the affected asset, it will update its value to the new supplied value.

Update Affected Asset on a Vulnerability

You can update the affected asset for a vulnerability:
Or perform bulk update across multiple vulnerabilities:

Duplicate Vulnerabilities

You can also duplicate vulnerabilities:

Delete Vulnerabilities

You can delete vulnerabilities individually:
Or you can bulk delete vulnerabilities:

Assign Vulnerabilities to Another Project

As an Admin user, you can re-assign a vulnerability to another project. Once a vulnerability is re-assigned, it will no longer be available on the current project. All remediation notes & evidence will also be relocated to the new project.
Previous
Creating Vulnerabilities
Next
Reviewing & QAing Vulnerabilities
Last modified 4mo ago
Copy link
Contents
Overview
Update Vulnerability
Upload Evidence to Vulnerability
Bulk Update (All)
Bulk Update (Individually)
Mark Vulnerability Ready for Retesting / Not Ready for Retesting
Add Remediation Note
Mark Vulnerability as Closed / Re-Opened
Bulk Add Tags
Bulk Add ReportGen Fields/Tags
Update Affected Asset on a Vulnerability
Duplicate Vulnerabilities
Delete Vulnerabilities
Assign Vulnerabilities to Another Project